WO2025152913A1 - Method and apparatus for acquiring forwarding proof, and method and apparatus for verifying forwarding proof - Google Patents

Method and apparatus for acquiring forwarding proof, and method and apparatus for verifying forwarding proof

Info

Publication number
WO2025152913A1
Authority
WO
WIPO (PCT)
Prior art keywords
forwarding
node
path
forwarding node
expected
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/CN2025/072189
Other languages
French (fr)
Chinese (zh)
Inventor
刘春池
吴钦
夏靓
潘伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Publication of WO2025152913A1
Legal status: Pending

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L45/00 Routing or path finding of packets in data switching networks
                    • H04L45/74 Address processing for routing
                    • H04L45/34 Source routing
                    • H04L45/50 Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
                    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
                        • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities' privileges depend on current location or allowing specific operations only from locally connected terminals
                • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L9/40 Network security protocols

Definitions

  • The present application relates to the field of network security, and in particular to a method for obtaining a forwarding proof and a method and apparatus for verifying a forwarding proof.
  • A forwarding proof is data generated while a data packet is being forwarded, used to verify the forwarding status of that packet. A forwarding proof reduces the probability that a data packet is tampered with or forged during forwarding, thereby improving the transmission security of data packets.
  • The forwarding proof obtained in this scenario can still be verified with a certain probability, which shows that the credibility of the forwarding proof is insufficient.
  • The embodiments of the present application provide a method for obtaining a forwarding proof, a method for verifying a forwarding proof, and an apparatus, which can improve the credibility of the forwarding proof.
  • The technical solution is as follows.
  • A method for obtaining a forwarding proof, wherein a first forwarding node obtains a first data packet, and at least two key nodes corresponding to the first data packet include the first forwarding node, where a key node is a forwarding node traversed in an expected forwarding path determined by a path planner for the first data packet; the first forwarding node obtains the sequential position of the first forwarding node in the expected forwarding path and the identity information of the first forwarding node, where the sequential position of the first forwarding node in the expected forwarding path is different from the sequential position of the first forwarding node in the actual forwarding path of the first data packet, and the identity information of the first forwarding node indicates the identity of the first forwarding node; the first forwarding node obtains a forwarding proof of the first forwarding node based on the sequential position of the first forwarding node in the expected forwarding path and the identity information of the first forwarding node, and the forwarding proof of the first forwarding node is
  • Because the forwarding proof is obtained by combining the sequential position of the forwarding node in the expected forwarding path with the identity information of the forwarding node, the forwarding proof depends not only on the identity information of the forwarding node but also on the sequential position of the forwarding node in the expected forwarding path.
  • The forwarding proof can verify whether the identity of the forwarding node is correct (for example, whether the forwarding node is one that the path planner expects the business data to pass through during transmission) and whether the sequential position of the forwarding node is correct (for example, whether the order of the forwarding nodes matches the order in which the path planner expects the business data to pass through them).
  • In that case, the forwarding proof obtained from the identity information of the key node and the sequential position of the key node will no longer match, thereby improving the credibility of the forwarding proof.
  • The forwarding proof is obtained using the sequential position of the forwarding node in the expected forwarding path rather than its sequential position in the actual forwarding path, so that the sequential position on which the forwarding proof is based is consistent with the sequential position on which the vector commitment is based, thereby achieving fault tolerance in path verification.
  • Data packets are allowed to pass through some non-key nodes (such as old equipment, equipment with weak capabilities, or equipment produced by third-party network manufacturers) during actual transmission, reducing the risk that key nodes downstream of the non-key nodes interrupt business data transmission or output alarms because the forwarding proof fails verification.
  • The at least two key nodes also include a second forwarding node.
  • The second forwarding node is a key node located upstream of the first forwarding node in the expected forwarding path.
  • The first forwarding node obtaining a forwarding proof of the first forwarding node based on the sequential position of the first forwarding node in the expected forwarding path and the identity information of the first forwarding node includes: the first forwarding node obtains the forwarding proof of the first forwarding node based on the sequential position of the first forwarding node in the expected forwarding path, the identity information of the first forwarding node, the sequential position of the second forwarding node in the expected forwarding path, and the identity information of the second forwarding node, where the identity information of the second forwarding node indicates the identity of the second forwarding node, and the forwarding proof of the first forwarding node is used to prove that the first forwarding node and the second forwarding node are respectively in their corresponding sequential positions in the expected forward
  • The obtained forwarding proof can verify at one time whether multiple key nodes are in their corresponding sequential positions in the expected forwarding path, using batch processing to improve the overall verification performance of the forwarding path and saving the time spent computing and verifying proofs.
  • With this method, the time spent obtaining forwarding proofs hardly increases linearly with the number of key nodes, so it is better suited to large-scale networking and improves scalability.
  • The first forwarding node is the last key node in the expected forwarding path.
  • The second forwarding node includes all key nodes in the expected forwarding path except the first forwarding node.
  • The sequential position and identity information of each key node that the packet has passed on the actual forwarding path can be verified at one time, reducing time and computing cost, improving verification efficiency, and making the verification more complete.
  • The method also includes: the first forwarding node obtains the sequential position of the first forwarding node in the actual forwarding path based on the first data packet; the first forwarding node sends the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path to the verification node.
  • The verification node can learn the sequential position of the key node in the actual forwarding path, thereby making non-key nodes recordable. For example, the verification node determines that there is a non-key node between two adjacent key nodes from a discontinuity in their sequential positions in the actual forwarding path, and determines the number of non-key nodes between the two key nodes from the difference between their sequential positions in the actual forwarding path.
  • The verification node includes a third forwarding node, which is a key node located downstream of the first forwarding node in the expected forwarding path, and the first forwarding node sending the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path to the verification node includes: the first forwarding node obtains a second data packet based on the first data packet, the forwarding proof of the first forwarding node, and the sequential position of the first forwarding node in the actual forwarding path, the second data packet including the payload of the first data packet, the forwarding proof of the first forwarding node, and the sequential position of the first forwarding node in the actual forwarding path; the first forwarding node sends the second data packet to the third forwarding node.
  • Because the actual sequential position and the forwarding proof are carried in the same data packet and sent to the key node downstream in the forwarding path, the actual sequential position of the key node is transmitted together with the business data, realizing in-band transmission of the actual sequential position.
  • The key node also serves as the verification node (observer).
  • The verification node can obtain both the actual sequential position of the key node and the forwarding proof of the key node by parsing a single data packet, so the verification node obtains them more efficiently.
  • The first data packet includes a first position list.
  • The first position list includes the sequential positions, in the actual forwarding path, of the key nodes located upstream of the first forwarding node in the expected forwarding path.
  • The second data packet includes a second position list.
  • The second position list includes the first position list and the sequential position of the first forwarding node in the actual forwarding path.
  • Since the data packet carries a list of the sequential positions of the upstream key nodes in the actual forwarding path, each key node adds its own sequential position in the actual forwarding path to the list carried in the packet, so that the packet carries the sequential position in the actual forwarding path of every key node it has passed; the actual sequential positions carried in the packet are thus more complete, reducing the risk that the actual sequential position of a traversed key node goes unrecorded.
  • The second data packet includes a multi-protocol label switching (MPLS) header.
  • The MPLS header includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path.
  • In the MPLS scenario, using the MPLS header to carry the forwarding proof and the actual sequential position supports proving whether the data flow passes through the expected MPLS nodes in the expected order (such as the order indicated by the MPLS label stack), which suits scenarios such as MPLS communication. It provides a mechanism for verifying the source of data in the MPLS network, making it easier to verify whether data packets are forwarded in the order specified by the MPLS tunnel.
  • The second data packet includes a virtual extensible local area network (VxLAN) header.
  • The VxLAN header includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path. In the VxLAN scenario, this suits virtualized networks based on the VxLAN protocol or cross-data-center interconnection, and provides a function for verifying the source of data in the VxLAN tunnel, which facilitates verification of whether data packets are forwarded in the order specified by the VxLAN tunnel.
  • The second data packet includes an Internet Protocol security (IPsec) header.
  • The IPsec header includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path.
  • The IPv6 extension header includes a segment routing header (SRH).
  • The SRH includes a type-length-value (TLV).
  • The TLV of the SRH includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path.
  • The IPv6 extension header includes an application-aware networking (APN) header.
  • The APN header includes an application-aware networking identifier (APN ID).
  • The APN ID includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path.
  • The IPv6 extension header includes a destination options header (DOH).
  • The DOH includes a TLV.
  • The TLV of the DOH includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path.
  • The IPv6 extension header includes a hop-by-hop options header (HBH).
  • The HBH includes a TLV.
  • The TLV of the HBH includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path.
  • The first forwarding node sending the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path to the verification node includes: the first forwarding node generates a notification message, which includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path; the first forwarding node sends the notification message to the verification node.
  • The verification node can infer whether there are non-key nodes in the actual forwarding path, and how many, from the sequential positions of the received key nodes in the actual forwarding path, thereby making non-key nodes recordable.
  • Any key node can send the forwarding proof and the actual sequential position to the verification node after receiving the data packet.
  • The verification node can verify the forwarding proof and record the actual sequential position in real time, without waiting until the data packet reaches the last key node, thus achieving real-time transparent tracking of the data transmission process and a smaller attack window.
  • The notification message includes a network configuration protocol (NETCONF) message.
  • The NETCONF message includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path.
  • The above method supports the scenario in which a management plane protocol transmits the forwarding proof and the actual sequential position.
  • The notification message includes a Hypertext Transfer Protocol (HTTP) message, and the payload field of the HTTP message includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path.
  • The above method supports scenarios in which a data plane protocol is required to transmit the forwarding proof and the actual sequential position.
  • The above method provides a fast and high-performance way to obtain the expected sequential position from the data plane. Since the forwarding node can obtain the expected sequential position from the segment list carried in the received data packet, there is no need to configure and store a large number of table entries to determine the expected sequential position, which reduces the storage overhead of the forwarding node pre-storing the expected sequential position and the performance overhead of the forwarding node looking it up in a table.
  • The first data packet includes a path identifier.
  • The first forwarding node obtaining the sequential position of the first forwarding node in the expected forwarding path includes: the first forwarding node obtains the sequential position of the first forwarding node in the expected forwarding path based on the path identifier and a correspondence stored by the first forwarding node, the correspondence including the path identifier and the sequential position of the first forwarding node in the expected forwarding path.
  • The above method obtains the expected sequential position by combining the path identifier carried in the data plane with the correspondence provided by the control plane. Since the data packet does not need to carry the expected sequential position of each key node, the transmission overhead of the data packet is further reduced while path verification is still supported.
  • Before the first forwarding node obtains the first data packet, the method further includes: the first forwarding node receives the sequential position of the first forwarding node in the expected forwarding path from the path planner.
  • Because the path planner distributes the expected sequential positions in the forwarding path before the data packet is forwarded, the data packet does not need to carry the expected sequential position of each key node, yet the forwarding node still knows its expected sequential position, further reducing the transmission overhead of the data packet while path verification is still supported.
  • The first forwarding node obtaining a first data packet includes: the first forwarding node receives the first data packet from a second forwarding node, where the second forwarding node is a key node located upstream of the first forwarding node in the forwarding path, and the first data packet includes the forwarding proof of the second forwarding node; the method also includes: the first forwarding node verifies the forwarding proof of the second forwarding node based on a first vector commitment, the identity information of the second forwarding node, and the sequential position of the second forwarding node in the expected forwarding path, where the first vector commitment indicates the correspondence between the sequential positions of at least two key nodes in the expected forwarding path and the identities of those at least two key nodes, and the at least two key nodes include the second forwarding node.
  • By verifying the forwarding proof of the previous forwarding node, it is possible to confirm whether the sequential position of the previous forwarding node is the expected sequential position and whether the previous forwarding node is the expected forwarding node, supporting verification that the previous-hop source is correct.
  • In network attack scenarios such as route hijacking, route injection, and traffic detour, if the attacker redirects the traffic onto a path chosen by the attacker, the forwarding proof fails verification, so that attacks on data packets can be discovered in time, reducing the risks caused by incorrect data sources.
  • Since the verification at each node builds on the verification of the previous hop, a continuous verification chain is formed, reducing the probability that any hop in the forwarding path disguises itself, deceives, or tampers with the data packet, and improving the security of the network.
  • The path planner is the source host that generates the payload data of the first data packet; or, the path planner is the first forwarding device in the expected forwarding path.
  • The above method supports scenarios in which the source terminal computes the path or the head node on the network side computes the path, and thus has a wider range of applications.
  • A method for verifying a forwarding proof, comprising:
  • The sequential position and identity of the next AS to which the data packet may be forwarded can be verified in advance, before the packet is actually forwarded, thereby reducing the security risk to business data transmission caused by data packets entering an unexpected AS.
  • The above method provides a fast and high-performance way to obtain the actual sequential position of the AS from the data plane. Since the forwarding node can obtain the actual sequential position of the verified AS from the segment list carried in the received data packet, there is no need to configure and store a large number of table entries to determine the expected sequential position, which reduces the storage overhead of the forwarding node pre-storing the expected sequential position and the performance overhead of the forwarding node looking it up in a table.
  • Because the AS list in the data packet indicates each AS through which the expected forwarding path passes, this not only supports path verification based on the expected sequential position of the AS but also realizes fault tolerance in AS-level path verification. There is no need to configure and store a large number of table entries to determine the expected sequential position, which reduces the storage overhead of the forwarding node pre-storing the expected sequential position and the performance overhead of the forwarding node looking it up in a table.
  • The first data packet carries the second vector commitment.
  • The vector commitment serves as the reference value against which the forwarding proof is compared during verification. Since the vector commitment is carried by the data packet, this reduces the storage overhead of the forwarding node pre-storing vector commitments and the performance overhead of the forwarding node matching the vector commitment in a table.
  • The first data packet includes an Internet Protocol version 6 (IPv6) extension header, and the IPv6 extension header carries the sequential position of the verified AS, the identity information of the verified AS, and the second vector commitment; or,
  • The first data packet includes a multi-protocol label switching (MPLS) header, and the MPLS header carries the sequential position of the verified AS, the identity information of the verified AS, and the second vector commitment; or,
  • The first data packet includes an Internet Protocol security (IPsec) header, and the IPsec header carries the sequential position of the verified AS, the identity information of the verified AS, and the second vector commitment.
  • The destination IP address of the first data packet includes the first IP address.
  • The method further includes: the first forwarding node receives a routing protocol message from the verified AS, the routing protocol message carrying the first IP address and the identity information of the verified AS; the first forwarding node stores a first correspondence, which includes the first IP address and the identity information of the verified AS;
  • The method further includes: the first forwarding node obtains the identity information of the verified AS based on the first IP address and the first correspondence.
  • The method further includes: the first forwarding node obtains the sequential position of the verified AS and the identity information of the verified AS based on the path identifier and the second correspondence.
  • The above method supports the case in which the path planner notifies the sequential position of the verified AS and the identity information of the verified AS in advance.
  • The at least two key nodes also include a second forwarding node, which is a key node located upstream of the first forwarding node in the expected forwarding path, and a processing unit is used to obtain the forwarding proof of the first forwarding node based on the sequential position of the first forwarding node in the expected forwarding path, the identity information of the first forwarding node, the sequential position of the second forwarding node in the expected forwarding path, and the identity information of the second forwarding node, where the identity information of the second forwarding node indicates the identity of the second forwarding node, and the forwarding proof of the first forwarding node is used to prove that the first forwarding node and the second forwarding node are respectively in their corresponding sequential positions in the expected forwarding path.
  • The first forwarding node is the last key node in the expected forwarding path.
  • The second forwarding node includes all key nodes in the expected forwarding path except the first forwarding node.
  • The processing unit is further configured to obtain the sequential position of the first forwarding node in the actual forwarding path based on the first data packet;
  • The apparatus also includes a sending unit, which is used to send the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path to the verification node.
  • The verification node includes a third forwarding node, which is a key node located downstream of the first forwarding node in the expected forwarding path; the processing unit is also used to obtain a second data packet based on the first data packet, the forwarding proof of the first forwarding node, and the sequential position of the first forwarding node in the actual forwarding path, the second data packet including the payload of the first data packet, the forwarding proof of the first forwarding node, and the sequential position of the first forwarding node in the actual forwarding path; the sending unit is used to send the second data packet to the third forwarding node.
  • A forwarding proof verification apparatus comprising: an acquisition unit, used to acquire the forwarding proof of a first forwarding node, a first vector commitment, the identity information of the first forwarding node, and the sequential position of the first forwarding node in an expected forwarding path, where the first vector commitment indicates the correspondence between the sequential positions of at least two key nodes in the expected forwarding path and the identities of those at least two key nodes, the at least two key nodes include the first forwarding node, the identity information of the first forwarding node indicates the identity of the first forwarding node, and the forwarding proof of the first forwarding node is used to prove that the first forwarding node is in its sequential position in the expected forwarding path; and a verification unit, used to verify the forwarding proof of the first forwarding node based on the first vector commitment, the identity information of the first forwarding node, and the sequential position of the first forwarding node.
  • A forwarding proof verification apparatus is provided, arranged at a first forwarding node, and the apparatus further includes:
  • An acquisition unit configured to acquire a first data packet, wherein the first forwarding node is deployed at the boundary of a first autonomous system (AS);
  • A processing unit configured to obtain the forwarding proof of the verified AS based on the sequential position of the verified AS and the identity information of the verified AS, wherein the identity information of the verified AS indicates the identity of the verified AS;
  • The processing unit is further used to verify the forwarding proof of the verified AS based on the second vector commitment, the sequential position of the verified AS, and the identity information of the verified AS, wherein the second vector commitment indicates the correspondence between the identity information and the sequential position of each AS among at least two ASs.
  • The verified AS includes at least one of: a neighbor AS of the first AS, the first AS, or each AS from the source AS to the first AS; the neighbor AS includes the previous AS of the first AS in the actual forwarding path of the first data packet and/or the next AS of the first AS in the reachable path to the destination IP address of the first data packet; the source AS is the AS that communicates with the source host, and the source host is the device that generates the payload data of the first data packet.
  • The sequential position of the verified AS includes the expected sequential position of the verified AS or the actual sequential position of the verified AS.
  • The expected sequential position of the verified AS indicates the sequential relationship between the verified AS and the ASs through which the expected forwarding path of the first data packet passes.
  • The actual sequential position of the verified AS indicates the sequential relationship between the verified AS and the ASs through which the actual forwarding path of the first data packet passes.
  • The verified AS includes a neighbor AS of the first AS.
  • The first data packet carries the actual sequential position of the first AS.
  • The actual sequential position of the verified AS is obtained from the actual sequential position of the first AS and the sequential relationship between the first AS and the verified AS.
  • The verified AS includes the first AS.
  • The first data packet carries the actual sequential position of the first AS.
  • The first data packet carries an AS list.
  • The AS list includes the identity information of each AS through which the expected forwarding path of the first data packet passes.
  • the expected sequential position of the verified AS is obtained based on the sequential position of the identity information of the verified AS in the AS list.
  • the first data packet carries the second vector commitment.
  • the first data message includes an Internet Protocol version 6 (IPv6) extension header
  • the IPv6 extension header carries the sequence position of the verified AS, the identity information of the verified AS, and the second vector commitment;
  • the first data message includes a network service header (NSH), the NSH includes a metadata field, and the metadata field carries the sequence position of the verified AS, the identity information of the verified AS, and the second vector commitment; or,
  • the first data message includes a multi-protocol label switching (MPLS) header, and the MPLS header carries the sequence position of the verified AS, the identity information of the verified AS, and the second vector commitment; or,
  • the first data message includes a virtual extensible local area network (VxLAN) header, and the VxLAN header carries the sequence position of the verified AS, the identity information of the verified AS, and the second vector commitment; or,
  • the first data message includes an Internet Protocol security (IPsec) header, and the IPsec header carries the sequence position of the verified AS, the identity information of the verified AS, and the second vector commitment.
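The items above only say which header carries the three verification inputs, not how they are laid out. The following is an added illustration, not code or a format from the patent (the figures it refers to are not reproduced here): it packs a sequence position, an AS number and a 32-byte vector commitment into a hypothetical option inside an IPv6 Destination Options header, and parses it back with the bounds checks a boundary node needs before it trusts the fields. The option type value 0x1E, the field widths and the sample AS number 64512 are assumptions made for this example.

```python
"""Added example: hypothetical IPv6 Destination Options TLV carrying the
(sequence position, AS identity, vector commitment) triple. Option type
and field layout are ASSUMED for illustration, not taken from the patent."""
import struct
from typing import Tuple

IPPROTO_DSTOPTS = 60          # IPv6 Destination Options header (RFC 8200)
OPT_PAD1, OPT_PADN = 0, 1     # RFC 8200 padding options
OPT_PATH_PROOF = 0x1E         # ASSUMED option type; top two bits 00 = skip if unknown
PROOF_DATA_LEN = 2 + 4 + 32   # position (u16) + AS number (u32) + commitment (32 B)


def build_dstopts(next_header: int, position: int, as_number: int, commitment: bytes) -> bytes:
    """Build a Destination Options header holding one path-proof option,
    padded with Pad1/PadN so the whole header is a multiple of 8 octets."""
    if len(commitment) != 32:
        raise ValueError("commitment must be 32 bytes")
    body = struct.pack("!BBHI", OPT_PATH_PROOF, PROOF_DATA_LEN, position, as_number) + commitment
    pad = (-(2 + len(body))) % 8          # 2 = Next Header + Hdr Ext Len octets
    if pad == 1:
        body += bytes([OPT_PAD1])
    elif pad > 1:
        body += bytes([OPT_PADN, pad - 2]) + bytes(pad - 2)
    return bytes([next_header, (2 + len(body)) // 8 - 1]) + body


def parse_dstopts(data: bytes) -> Tuple[int, int, int, bytes]:
    """Parse the header built above. Every length is checked against the
    declared header size so a truncated or malformed packet raises instead
    of yielding garbage fields. Returns (next_header, position, as_number,
    commitment)."""
    if len(data) < 2:
        raise ValueError("truncated header")
    next_header, ext_len = data[0], data[1]
    end = (ext_len + 1) * 8
    if len(data) < end:
        raise ValueError("truncated header")
    found = None
    i = 2
    while i < end:
        opt_type = data[i]
        if opt_type == OPT_PAD1:
            i += 1
            continue
        if i + 2 > end:
            raise ValueError("option header overruns extension header")
        length = data[i + 1]
        if i + 2 + length > end:
            raise ValueError("option data overruns extension header")
        if opt_type == OPT_PATH_PROOF:
            if length != PROOF_DATA_LEN:
                raise ValueError("bad path-proof option length")
            position, as_number = struct.unpack("!HI", data[i + 2:i + 8])
            found = (position, as_number, data[i + 8:i + 2 + length])
        elif opt_type != OPT_PADN and (opt_type >> 6) != 0:
            # RFC 8200 'act' bits other than 00 mean the packet must not be
            # silently skipped past this option; treat as a parse failure.
            raise ValueError("unknown option that must not be skipped")
        i += 2 + length
    if found is None:
        raise ValueError("no path-proof option present")
    return (next_header, *found)


if __name__ == "__main__":
    # Constructed sample: TCP payload follows, verified AS at position 3, AS 64512.
    sample_commitment = bytes(range(32))
    hdr = build_dstopts(6, 3, 64512, sample_commitment)
    print(len(hdr), parse_dstopts(hdr)[:3])   # 48 (6, 3, 64512)
```

Destination Options is used here only because its TLV layout is the simplest to show; for verification performed by every boundary node on the path, a Hop-by-Hop option would be the analogous carrier, and the patent's own figures define the real layout.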
  • the destination IP address of the first data message includes the first IP address
  • the acquisition unit is further used to receive a routing protocol message from the verified AS, where the routing protocol message carries the first IP address and identity information of the verified AS;
  • the processing unit is further used to save the first corresponding relationship, where the first corresponding relationship includes the first IP address and the identity information of the verified AS;
  • the obtaining unit is further used to obtain the identity information of the verified AS based on the first IP address and the first corresponding relationship.
  • the first data message carries a path identifier
  • the path identifier is used to identify the expected forwarding path
  • the acquisition unit is further used to receive a notification message from the path planning party, the notification message carries the path identifier, the sequential position of the verified AS, and the identity information of the verified AS;
  • the processing unit is further used to save the second corresponding relationship, where the second corresponding relationship includes the path identifier, the sequential position of the verified AS, and the identity information of the verified AS;
  • the acquisition unit is further used to obtain the sequence position of the verified AS and the identity information of the verified AS based on the path identifier and the second corresponding relationship.
  • a forwarding device which includes a processor and a network interface, the processor is coupled to a memory, at least one computer program instruction is stored in the memory, and the at least one computer program instruction is loaded and executed by the processor, so that the forwarding device executes the method provided by the first aspect or any optional method of the first aspect, the method provided by the second aspect or any optional method of the second aspect, or the method provided by the third aspect or any optional method of the third aspect, and the network interface is used to receive or send messages.
  • the specific details of the forwarding device provided in the seventh aspect can be found in the method provided by the first aspect or any optional method of the first aspect, the method provided by the second aspect or any optional method of the second aspect, or the method provided by the third aspect or any optional method of the third aspect, and will not be repeated here.
  • a computing device comprising a processor, the processor being coupled to a memory, the memory storing at least one computer program instruction, the at least one computer program instruction being loaded and executed by the processor, so that the computing device implements the method provided in the first aspect or any optional manner of the first aspect, the method provided in the second aspect or any optional manner of the second aspect, or the method provided in the third aspect or any optional manner of the third aspect.
  • the specific details of the computing device provided in the eighth aspect can be found in the method provided in the first aspect or any optional manner of the first aspect, the method provided in the second aspect or any optional manner of the second aspect, or the method provided in the third aspect or any optional manner of the third aspect, and will not be repeated here.
  • a computer-readable storage medium which stores at least one instruction.
  • when the at least one instruction is read and executed by a computer, the computer executes the method provided by the first aspect or any optional aspect of the first aspect, the method provided by the second aspect or any optional aspect of the second aspect, or the method provided by the third aspect or any optional aspect of the third aspect.
  • a computer program product which includes one or more computer program instructions.
  • when the computer program instructions are loaded and executed by a computer, the computer executes the method provided by the first aspect or any optional aspect of the first aspect, the method provided by the second aspect or any optional aspect of the second aspect, or the method provided by the third aspect or any optional aspect of the third aspect.
  • a chip comprising a memory and a processor, the memory being used to store computer instructions, and the processor being used to call and run the computer instructions from the memory to execute the method provided by the first aspect or any optional aspect of the first aspect, the method provided by the second aspect or any optional aspect of the second aspect, or the method provided by the third aspect or any optional aspect of the third aspect.
  • a network system which includes the apparatus of the fourth aspect and the apparatus of the fifth aspect.
  • FIG. 1 is a schematic diagram of an application scenario provided by an embodiment of the present application.
  • FIG. 2 is a schematic diagram of a path verification method provided in an embodiment of the present application.
  • FIG. 3 shows an architecture diagram of a trusted path network system provided by an embodiment of the present application.
  • FIG. 4 shows an architecture diagram of another trusted path network system provided in an embodiment of the present application.
  • FIG. 5 shows an architecture diagram of another trusted path network system provided in an embodiment of the present application.
  • FIG. 6 is a schematic diagram of an application scenario provided by an embodiment of the present application.
  • FIG. 7 is a schematic diagram of a message format provided in an embodiment of the present application.
  • FIG. 8 is a schematic diagram of a message format provided in an embodiment of the present application.
  • FIG. 9 is a schematic diagram of a scenario of transmitting data streams between ASs provided in an embodiment of the present application.
  • FIG. 10 is a flow chart of a path verification method provided in an embodiment of the present application.
  • FIG. 11 is a schematic diagram of the structure of a device for obtaining a forwarding proof provided in an embodiment of the present application.
  • FIG. 12 is a schematic diagram of the structure of a device for verifying a forwarding proof provided in an embodiment of the present application.
  • FIG. 13 is a schematic diagram of the structure of a device for obtaining a forwarding proof provided in an embodiment of the present application.
  • FIG. 14 is a schematic diagram of the structure of a device provided in an embodiment of the present application.
  • the path verification mechanism refers to a technology that supports verification of whether the actual transmission of business data is forwarded along the expected forwarding path.
  • the forwarding proof of the verification object is obtained based on the identity information of the verification object and the sequential position of the verification object, and the forwarding proof of the verification object is verified based on the vector commitment, the identity information of the verification object and the sequential position of the verification object, so as to realize the path verification mechanism.
  • if the forwarding proof of the verification object passes the verification, the forwarding node determines that the verification object is an object that the business data is expected to pass through and that the sequential position of the verification object meets the requirements of the expected forwarding path, and the forwarding node then continues to forward the message; if the forwarding proof of the verification object fails the verification, the forwarding node determines that the verification object is not an object that the business data is expected to pass through, or that the sequential position of the verification object does not meet the requirements of the expected forwarding path, and the forwarding node then performs a predetermined processing action other than forwarding the message.
  • the verification object includes a verification object at the device (node) level and a verification object at the autonomous system (AS) level.
  • the verification object at the device level includes at least one of the current node, a neighbor node of the current node, and/or each node traversed on the upstream portion of the path.
  • the verification object at the AS level includes at least one of the current AS, a neighbor AS of the current AS, each AS traversed on the upstream portion of the path, and/or the next AS of the current AS.
  • the path verification mechanism includes a path verification method at the device level and a path verification method at the AS level.
  • the path verification method at the device level includes abstracting each forwarding node passed during the service data transmission process as a verification object, and verifying the forwarding node based on the identity information of the forwarding node and the sequential relationship between the forwarding nodes.
  • the path verification method at the AS level includes abstracting each AS passed during the service data transmission process as a verification object, and verifying the AS based on the identity information of the AS and the sequential relationship between the ASs.
  • one of the two methods is selected to be executed.
  • both the device-level path verification method and the AS-level path verification method are executed.
  • the path verification method that the forwarding node needs to execute is determined according to the network deployment position of the forwarding node.
  • the forwarding node inside the AS executes the device-level path verification method, for example, the forwarding node inside the AS performs path verification for the previous hop node or the next hop node of the node.
  • the forwarding node at the AS boundary executes the AS-level path verification method.
  • the forwarding node at the AS boundary performs path verification for the previous AS or the next AS of the AS.
  • the term "current" mainly refers to the time when the data message (business data) is obtained.
  • the i-th node is the current node
  • the AS where the i-th node is located is the current AS.
  • the neighbor node of the current node refers to the node that has a neighbor relationship with the current node (the node to which the data message is currently transmitted).
  • the neighbor nodes of the current node include the previous node of the current node (also called the previous hop node) or the next node of the current node.
  • the main difference in the method flow executed for different verification objects lies in the different identity information and sequential position used as algorithm input data.
  • the expected forwarding path refers to the forwarding path determined by the path planner before forwarding the data packet.
  • the expected forwarding path is the forwarding path determined by the controller by performing path calculation based on the network topology.
  • the expected forwarding path includes at least two forwarding nodes.
  • the expected forwarding nodes include a key node 1 and a tail node.
  • the expected forwarding path also includes one or more intermediate nodes between the key node 1 and the tail node.
  • the expected forwarding path is, for example, an end-to-end path.
  • the expected forwarding path is represented, for example, in the form of a segment list (segment list), a candidate path (candidate path, CP) or an SR policy (policy).
  • in segment routing over multi-protocol label switching (SR-MPLS), the expected forwarding path is represented, for example, by an MPLS label stack.
  • in a service function chain (SFC) scenario, the expected forwarding path is represented, for example, by the service function chain.
  • the actual forwarding path refers to the path that the data message actually passes through when forwarding.
  • the actual forwarding path includes each device from the ingress device of the network entered by the data message to the egress device of the network.
  • for example, there are key nodes A, B and C in the actual forwarding path; non-critical nodes a and b lie between key node A and key node B in the actual forwarding path, and non-critical node c lies between key node B and key node C in the actual forwarding path.
  • the path verification mechanism is usually implemented through the coordination of the path planner, the forwarding node, and the verification node.
  • the path planner is used to determine the vector commitment
  • the forwarding node is used to determine the forwarding proof in the process of forwarding business data
  • the verification node is used to compare the vector commitment with the forwarding proof for verification.
  • the path planner, the forwarding node, and the verification node are physically separated.
  • the path planner is a controller
  • the forwarding node is a forwarding device such as a router or a switch
  • the verification node is an auditing device, a destination host of business data, or a user device.
  • the verification node is deployed outside the forwarding path. The verification node is separated from the forwarding node in the forwarding path and is set on different hardware devices. The verification node does not need to undertake the task of message forwarding.
  • the three entities of the path planner, the forwarding node and the verification node are integrated together.
  • the verification node and the forwarding node are integrated on the same hardware device, which undertakes the task of forwarding the message and verifying the forwarding proof.
  • the verification node is the forwarding node itself, and the forwarding node also serves as the verification node to verify the correctness of the source of the previous hop.
  • when each forwarding node receives a data message, it verifies the forwarding proof of the previous forwarding node carried in the data message, thereby realizing on-path verification.
  • the tail node verifies once that the data message has indeed passed through the expected forwarding path in sequence, without the need for each forwarding node to perform path verification.
  • a forwarding node is also called a forwarding device.
  • a forwarding node refers to a device or a collection of multiple devices used to forward data.
  • a forwarding node is a network device, such as a switch, a router, or a firewall.
  • a forwarding node is a computing device, such as a server or a terminal.
  • a forwarding node is a physical device or a virtual device.
  • a path planner refers to an entity used to plan a forwarding path.
  • the path planner is a controller.
  • the path planner is a source host, and the source host refers to a device that generates a data message, for example, the path planner is a terminal or a server.
  • the path planner is the first forwarding device for a data message to enter a network, such as the first forwarding node in an expected forwarding path, such as a switch or a router.
  • the path planner is the first forwarding device of the network entered by the data message.
  • the path planner is the entry device of the network entered by the data message.
  • a key node is a specific type of forwarding node.
  • the term "key" is mainly defined based on the expected forwarding path.
  • the forwarding node in the expected forwarding path is called a key node
  • the AS where the forwarding node in the expected forwarding path is located is called a key AS.
  • Key nodes are also called forwarding key nodes or expected nodes. Key nodes are forwarding nodes that the business data specified by the path planner needs to pass through during the forwarding process.
  • the expected forwarding path determined by the path planner includes at least two key nodes. Key nodes usually support the ability to calculate forwarding proofs and/or the ability to verify forwarding proofs. For example, key nodes store configuration information related to the calculation of forwarding proofs and/or the verification of forwarding proofs, and activate the functions that enable the calculation of forwarding proofs and/or the verification of forwarding proofs.
  • the key node can calculate the forwarding proof.
  • non-critical nodes support but do not enable the calculation of forwarding proofs and/or the verification of forwarding proofs.
  • Non-critical nodes are, for example, old devices, devices with weak capabilities, or devices produced by third-party network manufacturers.
  • a non-critical node is a Layer 2 switch.
  • when arranging the expected forwarding path, the controller does not know in advance which non-critical nodes exist, nor does it arrange the non-critical nodes into the expected forwarding path. In the actual forwarding process, the critical nodes may decide on their own to pass through these non-critical nodes, so that the actual forwarding path contains more non-critical nodes than the expected forwarding path. For example, referring to FIG. 1, the sequence positions of critical node A and critical node B in the expected forwarding path are adjacent. However, when critical node A actually forwards data packets, it does not forward them directly to critical node B, but forwards them to critical node B through a tunnel that passes through non-critical node a and non-critical node b.
  • non-critical node a and non-critical node b are used to forward data packets from critical node A to critical node B. Because tunnel forwarding is used, the actual forwarding path contains non-critical node a and non-critical node b in addition to the nodes of the expected forwarding path.
  • Forwarding path locking is a technical effect that is expected to be achieved by the embodiments of the present application.
  • Forwarding path locking means that during the actual transmission process, the business data is indeed forwarded hop by hop according to the trusted path (expected forwarding path) pre-planned by the path planner, thereby improving the transmission security of the business data.
  • forwarding path locking specifically includes the effects of the correctness of the key node identity and the correctness of the key node sequence relationship.
  • the correctness of the key node identity refers to the match between the identity of the key nodes that the business data passes through during the actual transmission process and the identity of the key nodes expected by the path planner. For example, the path planner expects the business data to pass through N key nodes, and the business data does pass through the N key nodes during the actual transmission process.
  • the path planner determines the vector commitment based on the identity information of the N key nodes in the expected forwarding path
  • the forwarding node determines the forwarding proof based on the identity information of the key node
  • the verification node verifies the forwarding proof based on the vector commitment and the identity information of the key node
  • the vector commitment and the forwarding proof are both bound to the identity information of the key node.
  • the correctness of the key node sequence relationship is also called data forwarding in order, position locking or sequence position binding.
  • the correctness of the key node sequence relationship means that the sequence relationship of each key node in the actual forwarding path is consistent with the sequence relationship of each key node in the expected forwarding path determined by the path planner: no key node in the expected forwarding path may be skipped, and no additional key node that does not appear in the expected forwarding path may be passed through.
  • the path planner expects that the business data will first pass through key node A, then key node B, and finally key node C.
  • the business data will also first pass through key node A, then key node B, and finally key node C, but it cannot pass through key node C first, then key node B, and finally key node A. It cannot skip key node B and directly reach key node C, or pass through key node D before passing through key node C.
  • the path planner determines the vector commitment based on the sequential positions of N key nodes in the expected forwarding path
  • the forwarding node determines the forwarding proof based on the sequential positions of the key nodes
  • the verification node verifies the forwarding proof based on the vector commitment and the sequential positions of the key nodes, so that both the vector commitment and the forwarding proof are bound to the sequential positions of the key nodes. Based on this, only the forwarding proof determined by the correct sequential positions of the key nodes can pass the verification, and it is difficult for a third party to forge the correct forwarding proof due to the difficulty in obtaining the correct sequential positions of the key nodes, thereby achieving the correctness of the key node identity.
  • the correct forwarding proof p_i can be calculated by the correct identity information of the first key node and the correct sequence position (i) of the first key node, and the forwarding proof is difficult to be forged by others.
  • the forwarding proof 1 obtained based on the identity of key node A and the expected sequence position of key node A (1), the identity of key node B and the expected sequence position of key node B (2), the identity of key node C and the expected sequence position of key node C (3), or the identity of key node D and the expected sequence position of key node D (4) can pass the verification.
  • the actual forwarding path 2 is key node A → key node B → key node D.
  • key node D obtains forwarding proof 2 based on its actual sequence position (3) and its identity (D). Since the pair of actual sequence position (3) and identity (D) on which forwarding proof 2 is based is not a pair bound in the vector commitment (sequence position 3 is bound to key node C), forwarding proof 2 cannot pass the verification.
  • an extra key node E is added to forwarding path 1, and the actual forwarding path 2 is key node A → key node B → key node C → key node E → key node D.
  • the fault tolerance of node-level path verification means that while achieving path locking, business data is allowed to pass through non-critical nodes during the actual transmission process, reducing the risk of critical nodes downstream of non-critical nodes interrupting business data transmission or outputting alarms due to failure of forwarding proof verification.
  • it supports the existence of one or more non-critical nodes between two critical nodes in the actual forwarding path, without strictly requiring that the sequential position of each critical node in the expected forwarding path be the same as the sequential position of the corresponding critical node in the actual forwarding path for the forwarding proof verification to pass.
  • a typical application scenario where fault tolerance of non-critical nodes is required is when the business data passes through non-critical nodes during the actual forwarding process.
  • the order of at least two critical nodes that the business data is expected to pass through is the same as the order in which the at least two critical nodes actually forward the business data, and the expected sequence position of the at least two critical nodes is different from the sequence position of the at least two critical nodes actually forwarding the business data.
  • the actual forwarding path of the first data message has additional non-critical nodes compared to the expected forwarding path of the first data message.
  • critical node A and critical node B are adjacent in sequence in the expected forwarding path, but critical node A and critical node B establish a tunnel during the actual transmission of business data.
  • Critical node A transmits business data to critical node B through a series of intermediate nodes in the tunnel, resulting in critical node A and critical node B being non-adjacent in sequence in the actual forwarding path.
  • an expected forwarding path is a Layer 3 forwarding path composed of Layer 3 forwarding devices.
  • key node B is the next forwarding node after key node A, and key node A actually transmits service data to key node B through a Layer 2 tunnel.
  • the Layer 2 tunnel passes through one or more Layer 2 forwarding devices, so that the sequence positions of key node A and key node B in the actual forwarding path are not adjacent.
  • an expected forwarding path is an SRv6 path composed of SRv6 endpoint devices.
  • Key node B in the SRv6 path is the next SRv6 endpoint device of key node A, and key node A actually transmits service data to key node B through an IP layer tunnel.
  • the IP layer tunnel passes through one or more native IPv6 forwarding devices, resulting in non-adjacent sequential positions of key node A and key node B in the actual forwarding path.
  • in the actual forwarding path, each native IPv6 forwarding device through which the IP layer tunnel passes lies between key node A and key node B.
  • the main reason why the key nodes downstream of the non-key nodes fail to verify the forwarding proof is that the path planner calculates the vector commitment based on the sequential position of the key nodes in the expected forwarding path. If the key node uses the sequential position of the key node in the actual forwarding path to calculate the forwarding proof, and uses the vector commitment and the sequential position of the key node in the actual forwarding path to verify the forwarding proof, when the sequential position of the key node in the actual forwarding path is different from the sequential position of the key node in the expected forwarding path (please refer to the following description for the reasons and scenarios for the different sequential positions), the sequential position based on which the vector commitment is calculated deviates from the sequential position based on which the forwarding proof is calculated, resulting in the key node failing to verify the forwarding proof based on the vector commitment.
  • the path planner is usually unable to perceive the sequential position of the key nodes in the actual forwarding path, and the path planner is also unable to perceive the existence of non-critical nodes in the actual forwarding path. Therefore, it is difficult for the path planner to achieve fault tolerance by using the sequential position of the key nodes in the actual forwarding path to calculate the vector commitment.
  • the key node uses the sequential position of the key node in the expected forwarding path to calculate the forwarding proof, and uses vector commitment and the sequential position of the key node in the expected forwarding path to verify the forwarding proof, so that the sequential position based on which the vector commitment is calculated is consistent with the sequential position based on which the forwarding proof is calculated, thereby reducing the risk of interrupting business data transmission or outputting alarms due to failure to verify the forwarding proof based on vector commitment.
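The two passages above (path locking with key nodes A, B, C, D, where key node D claiming position 3 or an extra key node E must fail, and fault tolerance, where non-critical nodes a and b between A and B must not cause a failure) can be exercised with one small model. The following is an added example, not code from the patent: the patent does not fix a vector commitment construction, so a Merkle tree over leaves H(position || identity) is assumed here as one standard instantiation, and the packet fields, the convention that lower-case names are non-critical nodes, and the rule that each key node verifies its previous key node at (own expected position - 1) are assumptions made for this illustration.

```python
"""Added example: Merkle-tree vector commitment (ASSUMED construction) with the
planner / forwarding node / verification node roles described in the text."""
import hashlib
from typing import Dict, List, Tuple

AuthPath = List[Tuple[bytes, str]]            # (sibling hash, side the sibling sits on: "L"/"R")
NodeConfig = Dict[str, Tuple[int, AuthPath]]   # identity -> (expected position, auth path)


def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def _leaf(position: int, identity: str) -> bytes:
    # Domain-separated leaf binding one expected sequence position to one identity.
    return _h(b"leaf", position.to_bytes(4, "big"), identity.encode())


def plan_path(expected_path: List[str]) -> Tuple[bytes, NodeConfig]:
    """Path planner: commit to the vector of (expected position, identity) pairs.
    Returns the vector commitment (Merkle root) and, per key node, the expected
    position and authentication path the planner notifies to that node."""
    size = 1
    while size < len(expected_path):
        size *= 2
    layer = [_leaf(i + 1, ident) for i, ident in enumerate(expected_path)]
    layer += [_h(b"empty")] * (size - len(expected_path))   # pad to a power of two
    paths: Dict[str, AuthPath] = {ident: [] for ident in expected_path}
    index = {ident: i for i, ident in enumerate(expected_path)}
    while len(layer) > 1:
        for ident, i in index.items():
            sib = i ^ 1
            paths[ident].append((layer[sib], "R" if sib > i else "L"))
        index = {ident: i // 2 for ident, i in index.items()}
        layer = [_h(b"node", layer[j], layer[j + 1]) for j in range(0, len(layer), 2)]
    return layer[0], {ident: (i + 1, paths[ident]) for i, ident in enumerate(expected_path)}


def verify_forwarding_proof(commitment: bytes, identity: str, position: int, proof: AuthPath) -> bool:
    """Verification node: rebuild the leaf from the claimed (position, identity)
    pair and fold the proof up to the root. Only the pair committed at that
    position reproduces the commitment, so a wrong identity, a wrong position
    (skipped key node) or an uncommitted node (extra key node) all fail."""
    acc = _leaf(position, identity)
    for sibling, side in proof:
        acc = _h(b"node", acc, sibling) if side == "R" else _h(b"node", sibling, acc)
    return acc == commitment


def forward(commitment: bytes, config: NodeConfig, actual_path: List[str],
            use_expected_position: bool = True):
    """Simulate on-path verification along `actual_path` (constructed convention:
    upper-case names are key nodes, lower-case names are non-critical nodes that
    forward the packet unchanged). Each key node verifies the previous key node's
    proof carried in the packet at (own position - 1), then replaces it with its
    own identity and proof; the tail verification node finally checks the last
    key node. With use_expected_position=False a node uses its hop count in the
    actual path instead of its planner-assigned expected position, which is the
    failure mode the text describes once non-critical nodes are present."""
    packet = {"prev_identity": None, "prev_proof": [], "prev_position": 0}
    checks = []                      # (verifier, verified identity, position checked, ok)
    hops = 0
    for ident in actual_path:
        hops += 1
        if ident.islower():
            continue                 # non-critical node: plain forwarding, nothing verified
        if use_expected_position:
            # Planner-assigned position; a node the planner never configured can
            # only guess one from the packet.
            position = config[ident][0] if ident in config else packet["prev_position"] + 1
        else:
            position = hops
        if position > 1:
            prev = packet["prev_identity"]
            ok = prev is not None and verify_forwarding_proof(
                commitment, prev, position - 1, packet["prev_proof"])
            checks.append((ident, prev, position - 1, ok))
        packet = {"prev_identity": ident, "prev_position": position,
                  "prev_proof": config[ident][1] if ident in config else []}
    last = packet["prev_identity"]
    tail_ok = last is not None and verify_forwarding_proof(
        commitment, last, packet["prev_position"], packet["prev_proof"])
    checks.append(("tail", last, packet["prev_position"], tail_ok))
    return all(c[3] for c in checks), checks


if __name__ == "__main__":
    root, cfg = plan_path(["A", "B", "C", "D"])                      # expected forwarding path 1
    print(forward(root, cfg, ["A", "B", "C", "D"])[0])                 # True
    print(forward(root, cfg, ["A", "B", "D"])[0])                      # False: C skipped
    print(forward(root, cfg, ["A", "B", "C", "E", "D"])[0])            # False: extra key node E
    print(forward(root, cfg, ["A", "a", "b", "B", "C", "D"])[0])       # True: non-critical nodes tolerated
    print(forward(root, cfg, ["A", "a", "b", "B", "C", "D"], False)[0])  # False: hop count used as position
```

The last two calls are the point of the fault-tolerance passage: with planner-assigned expected positions, B still verifies A at position 1 even though two non-critical hops sit between them, whereas a hop-count position makes B check A at position 3 and fail against a commitment the planner computed without knowing about a and b.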
  • the sequential position of a key node in an expected forwarding path is also referred to as the expected sequential position of the key node, the expected order, or the relative sequential position of the key node.
  • the sequential position of a key node in an expected forwarding path is used to characterize the sequential relationship between the key node and other key nodes (e.g., the first key node) in the expected forwarding path.
  • the sequential position of a key node in an expected forwarding path can also characterize the order in which the key node forwards data messages compared to other key nodes in the expected forwarding path.
  • the smaller the sequential position of a key node in an expected forwarding path, the closer the key node is to the first key node in the expected forwarding path, and the earlier the key node forwards data messages compared to other key nodes.
  • the larger the sequential position of a key node in an expected forwarding path, the closer the key node is to the last forwarding node in the expected forwarding path, and the later the key node forwards data messages compared to other forwarding nodes.
  • the data form of the sequential position in the expected forwarding path is a sequence number (also called a serial number), and the sequence number representing the sequential position in the expected forwarding path is referred to as the expected sequence number below.
  • the expected sequence number is a positive integer.
  • the expected sequence number represents the order from first to last in ascending form. For example, for an expected forwarding path passing through N key nodes, the expected sequence number of the first key node is 1, that of the second key node is 2, and so on: the expected sequence number of each key node is 1 greater than that of the previous key node, and the expected sequence number of the Nth key node is N.
  • alternatively, the expected sequence numbers are assigned in descending order: the larger the expected sequence number of forwarding node_i, the closer forwarding node_i is to the first forwarding node of the expected forwarding path, and the earlier forwarding node_i forwards the data message compared to the other forwarding nodes.
  • the sequential position of forwarding node_i in the expected forwarding path and the expected sequence number of forwarding node_i are not necessarily numerically equal; the sequential position can also be derived from the expected sequence number through a formula or a lookup table.
  • the sequential position in the expected forwarding path can also be in other data forms besides the sequence number. As long as the data that can represent the sequential relationship between key nodes can be used as the sequential position in the expected forwarding path, this embodiment does not limit which data form the sequential position in the expected forwarding path uses.
  • the sequence position of the expected forwarding path is determined by the path planner during the path planning stage. For example, the path planner assigns a corresponding sequence position to each key node based on the path planning requirements to characterize the sequence relationship of forwarding data packets by each key node.
  • the sequential position in the expected forwarding path is used to determine the vector commitment, the calculation of the forwarding proof, and the verification of the forwarding proof.
  • the control plane uses the sequential position of each key node in the expected forwarding path when determining the vector commitment and the forwarding plane uses the sequential position of each key node in the expected forwarding path when calculating the forwarding proof.
  • the specific use of the sequential position in the expected forwarding path can be referred to the introduction of the subsequent method embodiments.
  • the sequential position of a forwarding node in the actual forwarding path is determined based on the TTL.
  • a data message includes an IPv4 header, and the IPv4 header includes a time to live (TTL).
  • forwarding node_i reads the value of the TTL and derives its position i on the actual forwarding path from it. Because every forwarding node on the path, key node or not, decrements the TTL, the TTL on receipt reflects the number of hops actually traversed, including non-key nodes.
  • the verification phase refers to the verification phase of the proof.
  • the verifier uses the commitment and opening proof to verify that the object that entity A initially committed or selected is indeed the information M. Verification is achieved through the verification function. Verification includes single-point verification and batch verification.
  • vector commitment is used to prove the correctness of the identity information and sequential position of the forwarding node in the actual forwarding path.
  • the path planner is regarded as entity A in the vector commitment technology
  • the information m_i in information M represents the identity information r_i of the key node i
  • i is the expected sequence number of the key node in the expected forwarding path
  • the set B is used to represent a certain section of the trusted path (expected forwarding path).
  • the proof in the vector commitment is specifically a forwarding proof.
  • the most important property of a vector commitment is order preservation, that is, position binding: the committed information m_i and its opening proof are bound to the position i.
  • Embodiments of the present application relate to the application of vector commitments in device-level path verification and the application of vector commitments in AS-level path verification.
  • first vector commitment or “device-level vector commitment” is used to describe the vector commitment applied in device-level path verification
  • second vector commitment or "AS-level vector commitment” is used to describe the vector commitment applied in AS-level path verification.
  • the device-level vector commitment is, for example, obtained based on the identity information of each forwarding node in the expected forwarding path and the sequential relationship of each forwarding node in the expected forwarding path.
  • the AS-level vector commitment is, for example, obtained based on the identity information of each AS passed through in the expected forwarding path and the sequential relationship of each AS passed through by the expected forwarding path.
  • KZG polynomial commitment is a specific construction of a vector commitment with favourable properties.
  • a polynomial commitment commits to N points (such as N pieces of identity information) on a polynomial at one time, and allows proving and verifying that 1 or several of those points lie on the polynomial. The commitment and each opening proof (forwarding proof) are a single group element, that is, of constant size O(1) regardless of N.
  • with KZG polynomial commitment, verifying a single opening costs a constant number of pairing operations independent of N, and the commitment and the opening proofs stay constant-size. Computing the commitment to N pieces of information is linear in N, and verifying a batch opening at k points needs work proportional to k to reconstruct the interpolation polynomial plus a constant number of pairings; it is the sizes of the commitment and proof, and the single-opening verification cost, that do not grow with the path.
  • Embodiments of the present application relate to the application of forwarding proofs in device-level path verification and the application of forwarding proofs in AS-level path verification.
  • the forwarding proof applied in device-level path verification is described by “first forwarding proof” or “device-level forwarding proof”
  • the forwarding proof applied in AS-level path verification is described by “second forwarding proof” or "AS-level forwarding proof”.
  • the device-level forwarding proof is used to prove that a specific node forwards a data message at a specific sequential position in a forwarding path.
  • the AS-level forwarding proof is used to prove that a specific AS forwards a data message at a specific sequential position in a forwarding path.
  • the forwarding proof includes a single-point forwarding proof (OP) and a multi-point forwarding proof (MP).
  • at the device level, OP is a forwarding proof related to a single forwarding node, used to prove that one specific node forwarded a data message at the specific sequential position corresponding to that node in the forwarding path.
  • at the AS level, OP is a forwarding proof related to a single AS, used to prove that one specific AS forwarded a data message at the specific sequential position corresponding to that AS in the forwarding path.
  • at the device level, MP (multi proof) is a forwarding proof related to multiple forwarding nodes, used to prove that each node of a given path prefix forwarded the data packet at its corresponding sequential position.
  • for example, for a path through key nodes A, B, C and D in that order, MP includes the MP of path AB, the MP of path ABC, and the MP of path ABCD.
  • at the AS level, MP is a forwarding proof related to multiple ASs, used to prove that the multiple ASs forwarded the data packet at their corresponding sequential positions in the forwarding path.
  • one way to obtain a single-point forwarding proof is to compute it from the sequential position of the single key node (the verified node) in the expected forwarding path and the identity information of that key node.
  • the single-point forwarding proof of the verified node is used to prove that the verified node forwarded the data message A and the sequence position of the verified node is correct.
  • key node A obtains forwarding proof A based on the identity information of key node A, the sequence position of key node A in the expected forwarding path, and cryptographic parameters.
  • Forwarding proof A is a single-point forwarding proof, and forwarding proof A is used to prove that key node A forwarded this data message in the expected sequence position.
  • one way to obtain a multi-point forwarding proof is to compute it from the sequential positions of at least two key nodes in the expected forwarding path and the identity information of those key nodes.
  • the verified node obtains a first forwarding proof based on the sequential position of the verified node in the expected forwarding path, the identity information of the verified node, the sequential position of the second forwarding node in the expected forwarding path, and the identity information of the second forwarding node, the identity information of the second forwarding node indicates the identity of the second forwarding node, and the first forwarding proof is used to prove that the verified node and the second forwarding node are respectively in corresponding sequential positions in the expected forwarding path.
  • key node i obtains forwarding proof p_i based on the identity information of each node from key node 1 to key node i, the sequential position of each key node from key node 1 to key node i in the expected forwarding path, and cryptographic parameters.
  • Forwarding proof p_i is a multi-point forwarding proof, and forwarding proof p_i is used to prove that key node 1 forwards a data message at sequence position 1, key node 2 forwards a data message at sequence position 2... and key node i forwards this data message at sequence position i.
  • the sequence position used in determining and verifying the forwarding proof is the sequence position in the expected forwarding path, rather than the sequence position in the actual forwarding path.
  • for example, if the three key nodes occupy positions 1, 4 and 6 in the actual forwarding path because non-key nodes sit between them, the positions used in determining and verifying the forwarding proof are the expected, consecutive positions 1, 2, 3 rather than the actual, non-consecutive positions 1, 4, 6. Since the positions in the actual forwarding path do not enter into determining or verifying the forwarding proof, the proof is not rejected merely because the actual path contains non-key nodes, and the corresponding risk of transmission interruption is reduced.
  • the forwarding proof of the verified node is a single-point forwarding proof or a multi-point forwarding proof; either may be used.
  • the single-point forwarding proof and the multi-point forwarding proof are obtained as in the examples above: the single-point proof from the expected sequential position and identity information of the verified node alone, the multi-point proof from the expected sequential positions and identity information of at least two key nodes, in both cases using the positions in the expected forwarding path rather than those in the actual forwarding path.
  • the identity information of forwarding node_i includes the certificate of forwarding node_i.
  • a certificate is a digital credential or electronic document used to prove the identity or authority of an entity.
  • the certificate is issued by a trusted third-party organization, such as a digital certificate authority (CA), and contains identity information (such as a public key) used to verify and identify the specified entity.
  • the certificate content includes the public key, information about the certificate holder (such as name, organization, etc.), or the validity period of the certificate.
  • AS refers to a group of network devices with the same routing policy, which are managed by the same entity. Each AS is assigned an AS number (autonomous system number) in the Internet, so that other network devices can find the corresponding AS based on the AS number. For the sake of simplicity, the embodiments of this application will use the form of "AS+number" to simplify the specific AS, such as an AS is simplified as AS1.
  • AS_path is a path attribute in the BGP protocol.
  • AS_path is usually carried by BGP protocol messages.
  • AS_path is used to record the ASs that are passed from the source AS to the destination AS.
  • AS_path includes a series of AS numbers, which are used to describe all ASs that the BGP protocol message passes through from the source AS to the destination AS.
  • a pair of adjacent ASs in AS_path represents two ASs with upstream and downstream relationships in the forwarding path. According to AS_path, the order relationship between each AS from the source AS to the destination AS can be determined.
  • for example, a BGP protocol message includes an address prefix P1 and an AS_path of [AS 3, AS 1, AS 6], which means that the address prefix P1 was originated by AS 6, then passed through AS 1, and finally reached AS 3.
  • from this AS_path it can be determined that, when forwarding a data message whose source address matches the address prefix P1, the order of the three ASs is AS 6 first, then AS 1, and finally AS 3.
  • for AS_path, refer to the description in Section 4.3 "Path Attributes" of RFC 4271.
  • the AS list includes the identity information of at least two ASs.
  • the AS list includes the identity information of the ASs where each key node passed in the expected forwarding path is located.
  • the AS list is also used to indicate the expected forwarding order of at least two ASs.
  • the arrangement order of the identity information of each AS in the AS list matches the expected forwarding order of each AS.
  • the sequential position of the identity information of an AS in the AS list identifies the sequential position of the AS in each AS passed by the expected forwarding path.
  • the first AS number in the AS list identifies the first AS passed by the expected forwarding path
  • the second AS number in the AS list identifies the second AS passed by the expected forwarding path, and so on.
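As an added example (not code from the patent), the following Python derives the AS list and its expected sequence numbers from an AS_path and checks an observed AS sequence against them. The text rendering of the AS_path, the function names and the treatment of prepended ASNs are assumptions made here. RFC 4271 AS_PATH segments of type AS_SET carry no order, so the function refuses to derive an expected order from them. Traffic destined to the prefix traverses the ASs in AS_path order (nearest AS first); the page's example concerns traffic sourced from the prefix, which takes the reverse order assuming a symmetric return path.

```python
"""Deriving the AS list (AS-level expected forwarding order) from a BGP AS_PATH.

Added example, not part of the patent.  The text rendering of AS_PATH, the
function names and the treatment of prepended ASNs are assumptions.
"""
import re
from typing import Dict, List, Optional, Tuple

# RFC 4271 section 5.1.2: AS_PATH is a list of segments of type AS_SEQUENCE
# (ordered) or AS_SET (unordered); router CLIs usually print sets in braces.
_TOKEN = re.compile(r"\{[^}]*\}|\d+")


def parse_as_path(text: str) -> List[Tuple[str, List[int]]]:
    """'3 1 6' -> [('AS_SEQUENCE', [3, 1, 6])]; '3 {1 2} 6' -> seq, set, seq."""
    segments: List[Tuple[str, List[int]]] = []
    for token in _TOKEN.findall(text):
        if token.startswith("{"):
            segments.append(("AS_SET", [int(x) for x in token[1:-1].split()]))
        elif segments and segments[-1][0] == "AS_SEQUENCE":
            segments[-1][1].append(int(token))
        else:
            segments.append(("AS_SEQUENCE", [int(token)]))
    return segments


def expected_as_list(as_path: str, traffic: str) -> Optional[List[int]]:
    """AS list in expected forwarding order, or None when an AS_SET segment
    leaves the order undefined.

    traffic == "to_prefix":   packets destined to the advertised prefix cross
                              the ASs in AS_PATH order (nearest AS first).
    traffic == "from_prefix": packets sourced in the prefix, the page's
                              example, cross them in reverse (origin AS
                              first), assuming a symmetric return path.
    """
    segments = parse_as_path(as_path)
    if any(kind == "AS_SET" for kind, _ in segments):
        return None
    order = [asn for _, seq in segments for asn in seq]
    # AS prepending repeats an ASN; for forwarding order it is still one AS.
    order = [a for i, a in enumerate(order) if i == 0 or a != order[i - 1]]
    if traffic == "to_prefix":
        return order
    if traffic == "from_prefix":
        return order[::-1]
    raise ValueError("traffic must be 'to_prefix' or 'from_prefix'")


def expected_sequence_numbers(as_list: List[int]) -> Dict[int, int]:
    """Ascending expected sequence numbers: the first AS in the list is 1."""
    return {asn: i + 1 for i, asn in enumerate(as_list)}


def check_as_order(as_list: List[int], observed: List[int]) -> bool:
    """True when the observed AS sequence passes every listed AS exactly once
    and in the expected order; ASs not in the list (non-key ASs) are ignored."""
    numbers = expected_sequence_numbers(as_list)
    seen = [numbers[a] for a in observed if a in numbers]
    return seen == list(range(1, len(as_list) + 1))
```

check_as_order ignores ASs that are not in the list, which is the AS-level counterpart of tolerating non-key nodes: an unexpected transit AS does not by itself invalidate the order of the key ASs, but a missing, repeated or reordered key AS does.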
  • the following is an example of the application scenario of the device-level path verification method and the corresponding method flow.
  • source routing and centralized routing technologies allow the source host or a centralized controller to specify a network path through a series of specific network devices or virtualized network functions.
  • segment routing (SR) and service function chaining (SFC) both support specifying a network path on the control plane.
  • one challenge is that even if the source host or centralized controller specifies a path on the control plane, the source host or centralized controller cannot know whether the data packet strictly follows this path on the forwarding plane (data plane).
  • network attacks such as route hijacking, route injection, and traffic detour, or network device misconfiguration problems may cause the actual forwarding path on the data plane to deviate from the expected forwarding path on the control plane.
  • route hijacking attack refers to the attacker hijacking and/or diverting network traffic to network devices or ASs controlled by the attacker for monitoring, tampering or interception.
  • Route hijacking attack is also called prefix hijacking attack or Internet protocol (IP) hijacking attack.
  • Route injection refers to inputting forged routing information into network devices such as routers, so that the forged routing information is propagated throughout the network.
  • An attacker can change the routing path of the network through route injection, causing the traffic to be redirected to the path controlled by the attacker.
  • Traffic detour refers to the attacker tampering with the configuration of the network device to detour the traffic from the expected path, causing the traffic to be redirected to the path specified by the attacker.
  • the trusted path mechanism (also called secure routing mechanism or path validation mechanism) came into being, which can solve the above problems, so that data packets can and can only be forwarded hop by hop according to the forwarding path planned by the path planner, and can provide publicly verifiable forwarding proof.
  • a complete trusted path mechanism includes two technical parts: path locking mechanism and path validation mechanism, which can also be considered as the coordination of protocols and methods at the control plane and data plane levels.
  • a non-cryptographic traversal proof is used to implement path locking: for example, key node 1 adds a field with an initial value to the header of the data message, and each forwarding node passed through appends its own identity information to the message, so that the identity information of all forwarding nodes serves as the forwarding proof.
  • this method cannot produce a forwarding proof with strong position binding, because the proof has no strong binding to the position of each forwarding node on the forwarding path.
  • a traversal proof produced when nodes forward in an order different from the planned one can still pass verification with a certain probability, which shows that the credibility of such a proof is insufficient.
  • the traversal proof may also be appended by a device outside the forwarding path after forwarding has completed. In other words, there is no strong binding between the forwarding proof and how the message was actually forwarded: a data message can be forwarded arbitrarily and then given a forged traversal proof, so the traversal proof obtained at the end point is unreliable.
  • in a cryptographic variant, each forwarding node establishes a key pair with the controller, and each routing node uses cryptography to generate an identity-bound proof and passes it on.
  • although this somewhat mitigates forgery, the position of the forwarding node on the forwarding path is still not taken into account when the forwarding proof is obtained, so a proof with strong position binding cannot be generated. This leads to the same problem as the non-cryptographic traversal proof: the forwarding proof is disconnected from how the data message was actually forwarded and has no strong binding to it.
  • a data message can therefore be forwarded arbitrarily, after which colluding forwarding nodes attach a forged traversal proof at the tail node, so the traversal proof obtained at the tail node is unreliable, and it cannot be guaranteed that the message was forwarded along the specified forwarding path in transit.
  • the forwarding proof is no longer only related to the identity of the forwarding node, but also to the position of the forwarding node on the forwarding path, so that the correct forwarding proof can be calculated by the correct node when the data message is forwarded to the correct position on the forwarding path, so that the forwarding proof and the actual forwarding situation of the data message have strong binding, and the forwarding proof has public verifiability that is difficult to tamper with, thereby solving the problem of poor credibility of the proof due to the irrelevance of the forwarding proof to the position of the forwarding node on the forwarding path.
  • the above-mentioned implementation method helps to strictly lock the expected forwarding path planned by the path planner, and then verify whether the actual forwarding situation of the data message strictly corresponds to this expected forwarding path.
  • each key node obtains the forwarding proof MP related to multiple key nodes based on a multi-point opening function when receiving data messages in sequence, and verifies the forwarding proof MP related to multiple key nodes based on a batch verification function, thereby verifying whether the order of multiple key nodes is consistent with the expected order of the multiple key nodes at one time.
  • source correctness refers to verifying that the data message came from the correct source.
  • source correctness includes the correctness of the previous hop and the correctness of the upstream part of the path (the nodes that precede the verifying node).
  • the size of the forwarding proof and the time needed to verify a proof against the commitment do not grow with the length of the forwarding path.
  • commitments can therefore still be obtained and verified quickly on long paths, which greatly improves the efficiency of obtaining and verifying commitments.
  • succinct non-interactive argument of knowledge (SNARK) commitments are used to obtain and verify commitments based on the identity information of the forwarding node and the location information of the forwarding node.
  • SNARK commitment is a protocol for proving the correctness of a computation and that the inputs held by one party satisfy certain conditions.
  • SNARK proofs are non-interactive, meaning that the prover does not need to interact with the verifier, but only needs to generate a proof and send it to the verifier.
  • SNARK proofs are compact, small in size, and relatively short in verification time.
  • STARK relies only on hash functions and is believed to be post-quantum secure, so using STARK helps forwarding proofs resist attacks by quantum computers and better protects the forwarding proof and identity information.
  • the forwarding proof generated with STARK is compact relative to the computation it attests (its size grows only polylogarithmically with that computation), so it can be transmitted and stored with little overhead, and it is efficient to verify: the next-hop forwarding node or verification node can check the validity of the forwarding proof in a relatively short time.
  • the forwarding proof or vector commitment is obtained by using the Bulletproof method; or the forwarding proof is verified based on the vector commitment by using the Bulletproof method.
  • Bulletproof is a zero-knowledge proof technology.
  • Bulletproof is a cryptographic primitive used in zero-knowledge proofs to prove that a value satisfies a certain relation (for example, lies in a range) without revealing the value itself.
  • Bulletproof does not require a trusted setup, so it is more decentralized and distributed, which reduces the impact of a single point of failure on obtaining forwarding proofs or vector commitments and gives higher security.
  • an RSA accumulator is used to obtain and verify commitments based on the identity information of the forwarding node and the location information of the forwarding node.
  • an RSA accumulator is a data structure that accumulates the elements of a set into a single accumulator value so that membership of an element in the set can be verified later. Based on modular exponentiation in an RSA group (under the strong RSA assumption), an RSA accumulator can verify that a specific element is contained in the accumulator without disclosing the other elements of the set.
  • FC function commitment is adopted to obtain commitment and verify commitment based on the identity information of the forwarding node and the location information of the forwarding node.
  • FC function commitment is a commitment mechanism that is used to bind the input with the calculation result of the function so that the calculation result can be verified without exposing the input.
  • a function commitment can be implemented by combining a zero-knowledge proof system with a commitment scheme; it protects the privacy of the inputs while allowing the correctness of the computed result to be verified.
  • Pedersen commitment is used to obtain and verify commitments based on the identity information of the forwarding node and the location information of the forwarding node.
  • Pedersen commitment is a commitment mechanism used to commit a value or vector to a hidden value.
  • Pedersen commitment is based on the discrete logarithm problem: it is hiding, so the committed value is not revealed by the commitment, and binding, so the committer cannot later open the commitment to a different value; anyone can verify an opening once the committer reveals the value and the blinding factor.
  • a merkle tree commitment is used to obtain and verify commitments based on the identity information of the forwarding node and the location information of the forwarding node.
  • Merkle tree commitment is a commitment mechanism used to bind multiple elements in a set into a tree structure. The Merkle tree combines elements level by level through a hash function and generates a root hash, which is a commitment to the entire tree. In the verification phase, it is only necessary to know certain elements in the set and the hash values on the relevant paths to verify whether the elements belong to the tree.
  • a Verkle tree commitment is used to obtain and verify commitments based on the identity information of the forwarding node and the location information of the forwarding node.
  • Verkle tree commitment is a commitment mechanism that binds multiple elements of a set into a wide (high-fanout, non-binary) tree structure. The Verkle tree commits to the children of each node with a polynomial commitment and aggregates the commitments along a root-to-leaf path. In the verification phase, it is only necessary to know certain elements in the set and the polynomial commitments on the relevant paths to verify whether the elements belong to the tree.
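Worked example of the single-point (OP) and multi-point (MP) forwarding proof described earlier, instantiated with the Merkle tree commitment listed above instead of KZG so that it runs with only the Python standard library. This is added code, not the patent's implementation: names are illustrative, the identities are constructed byte strings, and the planner is assumed to give every key node the full leaf vector (a Merkle prover needs the sibling hashes, just as a KZG prover needs the whole polynomial and a structured reference string). Positions are the expected sequence numbers 1..N, so a path whose actual hop indices are 1, 4, 6 verifies exactly as one whose actual indices are 1, 2, 3.

```python
"""Position-bound vector commitment for forwarding proofs (OP and MP).

Added example, not code from the patent.  The page's construction is KZG;
this instantiation uses the Merkle tree commitment listed among the
alternatives so it runs on the standard library alone.  All names are
illustrative and the identities are constructed test values.
"""
import hashlib
from typing import Dict, List

EMPTY_LEAF = hashlib.sha256(b"\xff").digest()  # pads the vector to a power of two


def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def leaf_for(position: int, identity: bytes) -> bytes:
    """Leaf for the key node with expected sequence number `position` and identity r_i.
    Hashing the position into the leaf is what gives position binding: the same
    identity at another position yields a different leaf."""
    return _h(b"\x00", position.to_bytes(4, "big"), identity)


def _leaves(identities: List[bytes]) -> List[bytes]:
    leaves = [leaf_for(i + 1, r) for i, r in enumerate(identities)]
    size = 1
    while size < len(leaves):
        size *= 2
    return leaves + [EMPTY_LEAF] * (size - len(leaves))


def _parent_level(level: List[bytes]) -> List[bytes]:
    return [_h(b"\x01", level[j], level[j + 1]) for j in range(0, len(level), 2)]


def commit(identities: List[bytes]) -> bytes:
    """Path planner: vector commitment C over the expected forwarding path.
    identities[k] is r_i for the key node with expected sequence number i = k + 1."""
    level = _leaves(identities)
    while len(level) > 1:
        level = _parent_level(level)
    return level[0]


def open_single(identities: List[bytes], position: int) -> Dict:
    """Key node i: single-point forwarding proof OP = (i, r_i, sibling hashes)."""
    level = _leaves(identities)
    idx = position - 1
    siblings = []
    while len(level) > 1:
        siblings.append(level[idx ^ 1])
        level = _parent_level(level)
        idx //= 2
    return {"position": position, "identity": identities[position - 1], "siblings": siblings}


def verify_single(commitment: bytes, proof: Dict) -> bool:
    """Verifier: recompute the root from (position, identity, siblings) and compare."""
    node = leaf_for(proof["position"], proof["identity"])
    idx = proof["position"] - 1
    for sibling in proof["siblings"]:
        node = _h(b"\x01", sibling, node) if idx & 1 else _h(b"\x01", node, sibling)
        idx //= 2
    return node == commitment


def open_prefix(identities: List[bytes], upto: int) -> List[Dict]:
    """Multi-point forwarding proof MP for key nodes 1..upto (the page's MP of
    path AB, ABC, ...).  Here it is the list of single openings; KZG would
    aggregate them into one constant-size element."""
    return [open_single(identities, i) for i in range(1, upto + 1)]


def verify_prefix(commitment: bytes, mp: List[Dict]) -> bool:
    """Batch verification: every opening verifies against C and the openings
    cover the consecutive expected positions 1..len(mp) in order, so a
    reordered or skipped key node is rejected."""
    positions = [p["position"] for p in mp]
    return positions == list(range(1, len(mp) + 1)) and all(
        verify_single(commitment, p) for p in mp
    )


if __name__ == "__main__":
    ids = [b"router-A", b"router-B", b"router-C"]  # constructed identities
    C = commit(ids)
    op_b = open_single(ids, 2)
    print("OP for B verifies:", verify_single(C, op_b))
    moved = dict(op_b, position=3)  # B claims position 3: rejected
    print("B at position 3 verifies:", verify_single(C, moved))
    print("MP for ABC verifies:", verify_prefix(C, open_prefix(ids, 3)))
```

The two negative cases in the main block are the ones that matter for path locking: the same identity presented at a different expected position, and the same identity with the siblings of another node, both fail because the position is hashed into the leaf. Nothing in the verifier takes the actual hop index as input, which is the fault-tolerance property the page describes.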
  • the source of the data message is verified based on an aggregatable signature.
  • the data message contains a digital signature.
  • this signature can be the signature of the previous-hop node_i-1, or the aggregated signature of all upstream nodes node_1 to node_i-1.
  • the characteristic of an aggregated signature is that the aggregate of any number of signatures has the same length as a single signature. Given that a public key infrastructure (PKI) exists, that is, the public identity of each node is known, node_i can verify the correctness of this signature.
  • the sequential relationship between the key nodes specified by the controller such as the sequential relationship between key node A, key node B and key node C in Figure 1, still needs to be achieved through the corresponding means of forwarding path locking.
  • fault tolerance of non-key nodes is achieved mainly by using the sequential positions of the key nodes in the expected forwarding path to determine the vector commitment and the forwarding proof.
  • OP can be used to calculate the forwarding proof of a single node
  • MP can be used to calculate the forwarding proof of multiple nodes in a path.
  • the key node records the sequence position of the node in the actual forwarding path during the process of forwarding data packets. Based on the recorded sequence position of the key node in the actual forwarding path, it can be inferred whether there are non-key nodes in the actual forwarding path and the number of non-key nodes in the actual forwarding path, thereby achieving the recordability of non-key nodes.
  • the sequence position of the actual forwarding path is recorded by the key node, it is not necessary to require the non-key node to perform additional actions other than forwarding, and the existence of the non-key node can be recorded indirectly, which has better compatibility.
  • the actual sequence position list is used to record the sequence position of each key node in the actual forwarding path.
  • key node A obtains the sequence position of this node in the actual forwarding path, and writes the sequence position of this node in the actual forwarding path into the actual sequence position list carried by the data message.
  • Key node A forwards the data message containing the list of the actual sequence position of this node to key node B.
  • Key node B writes the sequence position of key node B in the actual forwarding path after the sequence position of key node A in the actual sequence position list, and forwards the list containing the sequence positions of key node A and key node B to key node C.
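Added example (not the patent's code) showing how a key node derives its actual sequential position from the IPv4 TTL and records it in the actual sequence position list, and how a verifier infers the number of non-key nodes from that list. It assumes, as the page does not specify, that the head node sets the TTL to a known initial value, that a key node reads the TTL before decrementing it, and that position 1 is the first forwarding node. The path in the main block is constructed to reproduce the page's 1, 4, 6 example.

```python
"""Actual sequential position from the IPv4 TTL and the actual sequence position list.

Added example, not the patent's code.  Assumptions not stated by the page:
the head node sets the TTL to INITIAL_TTL, every forwarding node decrements
it by one, a key node reads the TTL before decrementing, and the first
forwarding node is position 1.
"""
from dataclasses import dataclass, field
from typing import List, Optional

INITIAL_TTL = 64  # assumed initial value written by the head node


def actual_position(ttl_on_receipt: int, initial_ttl: int = INITIAL_TTL) -> int:
    """Hop index on the actual path: the first forwarding node receives the
    packet with TTL == initial_ttl and is position 1."""
    if not 0 < ttl_on_receipt <= initial_ttl:
        raise ValueError("TTL outside the range a valid path can produce")
    return initial_ttl - ttl_on_receipt + 1


@dataclass
class Packet:
    ttl: int = INITIAL_TTL
    actual_position_list: List[int] = field(default_factory=list)


def forward(pkt: Packet, is_key_node: bool) -> Packet:
    """One hop.  A key node appends its actual position to the list carried by
    the packet; a non-key node only decrements the TTL, so it needs no extra
    behaviour (the page's compatibility point)."""
    if is_key_node:
        pkt.actual_position_list.append(actual_position(pkt.ttl))
    pkt.ttl -= 1
    return pkt


def run_path(path: List[bool]) -> Packet:
    """Simulate a path given as flags, True for key node, False for non-key node."""
    pkt = Packet()
    for is_key in path:
        forward(pkt, is_key)
    return pkt


def non_key_nodes_between(actual_list: List[int]) -> List[int]:
    """Non-key nodes between consecutive key nodes: a gap of k in the actual
    positions means k - 1 non-key hops in between."""
    return [b - a - 1 for a, b in zip(actual_list, actual_list[1:])]


def check_actual_list(actual_list: List[int], n_key_nodes: int) -> Optional[str]:
    """Consistency check a verifier can run on the recorded list; None if
    consistent, otherwise the reason.  The TTL and the list are not
    authenticated and can be rewritten on path, so this is a diagnostic aid:
    the cryptographic forwarding proof is bound to the expected positions,
    not to these recorded values."""
    if len(actual_list) != n_key_nodes:
        return "key node count mismatch"
    if actual_list and actual_list[0] < 1:
        return "position before the first forwarding node"
    if any(b <= a for a, b in zip(actual_list, actual_list[1:])):
        return "actual positions not strictly increasing"
    return None


if __name__ == "__main__":
    # constructed path: A, two non-key nodes, B, one non-key node, C -> 1, 4, 6
    pkt = run_path([True, False, False, True, False, True])
    print("actual sequence position list:", pkt.actual_position_list)
    print("non-key nodes between key nodes:", non_key_nodes_between(pkt.actual_position_list))
    print("consistent:", check_actual_list(pkt.actual_position_list, 3))
```

The recorded list is what lets an operator see that two non-key hops sat between A and B and one between B and C; it is not what the forwarding proof is verified against, since the TTL is a plain header field that any on-path device can rewrite.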
  • the path planner performs remote attestation secret distribution, where the secret is the identity information of the forwarding node in ciphertext form.
  • the path planner sends the ciphertext of the identity information of the corresponding forwarding node to each of the N forwarding nodes in the expected forwarding path, so that the N forwarding nodes in the expected forwarding path determine the vector commitment based on the received ciphertext of the identity information.
  • a verification node is also called an observer.
  • a verification node is, for example, any device that cares about the credibility of the forwarding path.
  • the verification node is used to verify the forwarding proof calculated by the forwarding node based on the commitment C generated by the controller, the identity of the forwarding node, and the location of the forwarding node.
  • the verification node is unbiased, that is, the observation and verification results of the verification node are the same as the output of the protocol in the correct case.
  • the method shown in Figure 2 involves the interaction between multiple key nodes during the service data transmission process.
  • “key node A” and “key node B” are used to distinguish and describe multiple different key nodes.
  • the method shown in Figure 2 involves the data message processing process performed by multiple forwarding nodes through which the actual forwarding path passes. Since the processing processes performed by different key nodes have commonalities, in order to simplify the description, the method shown in Figure 2 focuses on the processing process performed by two key nodes as an example. Of course, there may be three or more key nodes in the actual forwarding path, and the processing processes performed by more key nodes can refer to the processing processes performed by key node A or key node B.
  • Key node A and key node B are nodes that the expected forwarding path passes through. In other words, when planning the forwarding path, the path planner pre-specifies that the business data must be forwarded through key node A and key node B in sequence.
  • the method shown in FIG2 involves a process of forwarding nodes processing data packets.
  • first data packet is used to describe the data packet that serves as input data
  • second data packet is used to describe the data packet that serves as output results.
  • Both the first data packet and the second data packet carry business data.
  • the destination of the second data packet includes multiple situations.
  • the second data packet is sent to the next forwarding node.
  • the second data packet is output to the application program or operating system of the device and is processed by itself.
  • the method shown in FIG2 relates to an application scenario of how to achieve fault tolerance of non-critical nodes.
  • the order of at least two key (critical) nodes in the expected forwarding path of the first data message is the same as their order in the actual forwarding path of the first data message, while the sequence positions of those key nodes in the expected forwarding path differ from their sequence positions in the actual forwarding path.
  • the method shown in FIG. 2 includes the following steps.
  • the expected forwarding path includes at least two key nodes.
  • S210 is also called a path selection step.
  • S220 The path planner determines a first vector commitment.
  • key node A obtains data message A.
  • data packet A also carries a trusted path identifier, thereby triggering a determination process and/or a verification process of the forwarding certificate through the trusted path identifier.
  • the following example illustrates the triggering conditions for the subsequent determination of the forwarding proof by key node A.
  • After key node A obtains a data message, key node A, in response to identifying that the data message contains the identifier of each node in a specific tunnel, performs the step of obtaining a forwarding certificate, so as to verify whether the data message is forwarded through the specific tunnel.
  • When applied to an SRv6 scenario, key node A, in response to identifying that the data message carries a segment list, performs the step of obtaining a forwarding certificate.
  • When applied to an MPLS scenario, key node A, in response to identifying that the data message carries a label stack, performs the step of obtaining a forwarding certificate.
  • key node A obtains the sequence position of the verified node in the expected forwarding path and the identity information of the verified node.
  • the verified node refers to the forwarding device that is the object of verification.
  • the verified node includes but is not limited to the current node, the neighboring node of the current node, and each node from the first forwarding node to the current node.
  • the sequence position of the verified node in the expected forwarding path is different from the sequence position of the key node A in the actual forwarding path of the data packet A.
  • the identity information of the verified node indicates the identity of the key node A.
  • the verified node includes a neighbor node of the current node.
  • the verified node is the next node of the current node.
  • the verified node is key node B.
  • Key node A obtains the sequence position of key node B in the expected forwarding path and the identity information of key node B.
  • Key node A obtains forwarding proof A based on the sequence position of key node B in the expected forwarding path and the identity information of key node B.
  • the verified node is the previous node of the current node.
  • the verified node is the key node A.
  • the key node B obtains the sequence position of the key node A in the expected forwarding path and the identity information of the key node A.
  • the key node B obtains the forwarding proof A based on the sequence position of the key node A in the expected forwarding path and the identity information of the key node A.
  • data packet A includes a segment routing header (SRH), the SRH includes a segment list, the segment list includes the SID of key node A, and key node A obtains the sequential position of the verified node in the expected forwarding path from the sequential position of its SID in the segment list. For example, if the SID of key node A is the i-th entry in the segment list, the sequential position of the verified node in the expected forwarding path is determined to be i.
  • In this way the sequential position in the expected forwarding path can be obtained relatively quickly: it saves the performance and computing overhead that the forwarding device would otherwise spend obtaining the sequential position by table lookup and matching, and it also saves the storage space that such a lookup table would occupy in the forwarding device.
  • the control plane pre-distribution method is mainly implemented based on the interaction between the path planner and the forwarding node. For example, in the process of determining the expected forwarding path, the path planner determines the sequential position of the verified node in the expected forwarding path. The path planner sends the sequential position of the verified node in the expected forwarding path to the key node A. The key node A receives the sequential position of the verified node in the expected forwarding path from the path planner.
  • the action of sending the sequential position of the verified node in the expected forwarding path is implemented based on the management plane protocol.
  • the path planner sends a management plane protocol message, such as a network configuration protocol (NETCONF) message, a representational state transfer configuration (RESTCONF) message, or a simple network management protocol (SNMP) message, to key node A, and the management plane protocol message carries the sequential position of the verified node in the expected forwarding path.
  • key node A receives the management plane protocol message and obtains the sequential position of the node in the expected forwarding path carried by the management plane protocol message.
  • NETCONF: network configuration protocol
  • RESTCONF: representational state transfer configuration
  • SNMP: simple network management protocol
  • the path planner sends a control plane protocol message, such as a border gateway protocol (BGP) message, a path computation element protocol (PCEP) message, or a BGP flow specification (BGP flow spec or BGP FS) message, to key node A, and the control plane protocol message carries the sequence position of the verified node in the expected forwarding path.
  • key node A receives the control plane protocol message and obtains the sequence position of the node in the expected forwarding path carried by the control plane protocol message.
  • the path planner sends an application layer protocol message, such as an APN message or a hypertext transfer protocol (HTTP) message, to key node A, and the application layer protocol message carries the sequence position of the verified node in the expected forwarding path.
  • the controller sends the sequential position of each key node upstream of the key node on the expected forwarding path to each key node on the expected forwarding path. For example, the controller sends the sequential position of each key node from the first key node to key node i in the expected forwarding path to key node i.
  • the network administrator configures the sequential position of each key node on the expected forwarding path in advance.
  • the network administrator also configures the sequential position of each key node upstream of the key node on the expected forwarding path at each key node on the expected forwarding path.
  • the configuration information saved by key node i includes the relative position of each key node from key node 1 to key node i in the forwarding path, and key node i obtains the relative position of each key node from key node 1 to key node i from the configuration information.
  • the path planner determines the identity information of the verified node.
  • the path planner sends the identity information of the verified node to the key node A.
  • the key node A receives the identity information from the path planner.
  • the key node B obtains the device-level forwarding proof B based on the sequential position of the verified node in the expected forwarding path and the identity information of the verified node.
  • the verified nodes include the current node (key node B) and the previous node of the current node (key node A), and the key node B obtains forwarding proof B based on the sequence position of the key node A in the expected forwarding path, the identity information of the key node A, the sequence position of the key node B in the expected forwarding path, and the identity information of the key node B, so as to verify whether the key node A forwards the data message in the expected sequence position and whether the key node B forwards the data message in the expected sequence position based on the forwarding proof B.
  • the key node B corresponds to the first forwarding node
  • the key node A corresponds to the second forwarding node.
  • in verifying the correctness of the source of data message B, key node B verifies whether data message B comes from key node A, which is the previous key node of key node B in the expected forwarding path.
  • the key node B verifies the correctness of the single-point forwarding proof OP_i-1 of the key node A carried in the data message B according to the identity information of the key node A, the expected sequence position of the key node A, and the node-level vector commitment, thereby verifying whether the previous hop of the data message B is correct; for another example, the key node B verifies the correctness of the multi-point forwarding proof MP_i-1 of the key node A carried in the data message B according to the identity information of the key node A, the expected sequence position of the key node A, the identity information of the key node B, the expected sequence position of the key node B, and the node-level vector commitment, thereby verifying whether the forwarding path segment that the data message B has passed is correct.
  • the data message source verification step can also adopt other aggregatable proof methods, such as a cryptographic aggregator (accumulator), an aggregatable signature or a MAC tag, etc.
  • the verification node obtains the forwarding proof, the device-level vector commitment, the identity information of the verified node, and the sequential position of the verified node in the expected forwarding path.
  • At least two key nodes include the verified node, the identity information of the verified node indicates the identity of the verified node, and the forwarding proof of the verified node is used to prove that the verified node is in the sequential position of the verified node in the expected forwarding path.
  • the verification node uses the verification function in the vector commitment mechanism to perform operations based on the device-level vector commitment, the identity information of the verified node, the sequential position of the verified node in the expected forwarding path, and the forwarding proof of the verified node.
  • the verification node verifies the forwarding proof from the key node B based on the device-level vector commitment, the identity information of the key node B, and the sequential position of the key node B in the expected forwarding path, so as to determine whether the identity and sequential position of the key node B meet expectations.
  • the verification node verifies the forwarding proof from the key node B based on the device-level vector commitment, the identity information of the key node A, the sequential position of the key node A in the expected forwarding path, the identity information of the key node B, and the sequential position of the key node B in the expected forwarding path, so as to determine whether the identity and sequential position of the key node A and the identity and sequential position of the key node B meet expectations.
  • the benefits achieved include at least the following aspects.
  • the vector commitment itself has position binding, that is, it can reflect the binding relationship between the value of the information and the position of the information in the vector. Therefore, the vector commitment is obtained based on the identity information of the key node and the expected sequence position of the key node, so that the vector commitment is related to both the identity information and the expected sequence position of the key node.
  • the vector commitment can reflect the corresponding relationship between the expected sequence position of the key node on the forwarding path and the identity information. Therefore, when verifying the forwarding proof based on the vector commitment, the identity information, the expected sequence position and the forwarding proof must correspond to each other to pass the verification. The forwarding proof obtained when the identity information does not correspond to the expected sequence position will cause the verification to fail. In other words, only the key node i at the expected sequence position i can calculate the correct forwarding proof p_i, which cannot be forged by others.
  • the vector commitment itself is in the form of ciphertext
  • the identity information and expected sequence positions of the key nodes contained in it cannot be read directly from the vector commitment, and it is also difficult to decrypt or reverse the vector commitment to recover them. The identity information and expected sequence positions of the key nodes on the forwarding path are therefore hidden, which improves their privacy and confidentiality.
  • if each node is committed to separately and the forwarding path includes n nodes, obtaining and verifying the commitments takes n times as long.
  • with a vector commitment, a forwarding path containing at least two nodes can be committed to in one operation. If the forwarding path includes n nodes, obtaining and verifying the commitment may take only log n or constant time, which reduces the risk of the amount of committed data growing superlinearly with the number of nodes in the forwarding path.
  • the process of obtaining and verifying commitments can therefore be completed more quickly, which greatly improves efficiency and is better suited to forwarding paths that include a large number of nodes.
  • the single-point commitment method cannot bind the identity information and expected sequence position of key nodes. Other methods are needed to achieve position binding, such as using a list to record the expected sequence position.
  • the vector commitment has the ability to bind positions, and can directly bind multiple identity information to the corresponding expected sequence positions, thereby simplifying the verification process.
  • the method provided in this embodiment obtains the forwarding proof by combining the position of the forwarding node on the forwarding path with the identity of the forwarding node, thereby realizing position binding of the forwarding proof. That is, the forwarding proof is related not only to the identity of the forwarding node but also to its position on the forwarding path. Therefore, the correct forwarding proof can be calculated only by the correct node, and only when the data message is forwarded to the correct position on the forwarding path, so that the forwarding proof is strongly bound to the actual forwarding of the data message.
  • if the data message is forwarded by a node other than the expected one, or at a position other than the expected one, the identity of the node and the position of the node no longer correspond to each other. The forwarding proof obtained from that identity and position therefore cannot pass verification, which improves the credibility of the forwarding proof.
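As an added illustration of the position binding described above, and of the previous-hop check in the source verification step (key node B checking the single-point proof OP_i-1 of key node A), the following Python code realizes the vector commitment as a Merkle tree whose leaves hash the expected sequence position together with the identity information. This is example code, not the patent's own scheme and not Huawei's implementation: the patent names no concrete vector commitment construction, so the Merkle design, the SHA-256 choice, the leaf encoding and the names commit, open_position, multi_point_proof, verify and verify_multi are all assumptions of this example. It also shows the log n proof size mentioned in the passage and that a proof made for one expected position fails at any other position or for any other identity.

```python
"""Added example: a Merkle-tree vector commitment binding (expected position, identity).
Not the patent's own scheme; the construction and names are this example's assumptions."""
import hashlib
from typing import List, Tuple

Proof = List[Tuple[bytes, bool]]  # (sibling digest, sibling is on the left)


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _leaf(position: int, identity: bytes) -> bytes:
    # Position binding: the leaf covers the expected sequence position AND the identity,
    # so the same identity at another position yields a different leaf.
    return _h(b"leaf" + position.to_bytes(4, "big") + identity)


def _pad(layer: List[bytes]) -> List[bytes]:
    # Duplicate the last node when a layer has odd length (same rule in commit and open).
    return layer + [layer[-1]] if len(layer) % 2 else layer


def _parent_layer(layer: List[bytes]) -> List[bytes]:
    return [_h(b"node" + layer[i] + layer[i + 1]) for i in range(0, len(layer), 2)]


def commit(identities: List[bytes]) -> bytes:
    """Vector commitment C over (1, id_1), ..., (n, id_n): the Merkle root.
    Computed by the path planner; the root alone reveals neither identities nor positions."""
    layer = [_leaf(i + 1, ident) for i, ident in enumerate(identities)]
    while len(layer) > 1:
        layer = _parent_layer(_pad(layer))
    return layer[0]


def open_position(identities: List[bytes], position: int) -> Proof:
    """Single-point forwarding proof OP_i: the authentication path of leaf i (1-based).
    Its length is ceil(log2 n), not n."""
    layer = [_leaf(i + 1, ident) for i, ident in enumerate(identities)]
    idx, proof = position - 1, []
    while len(layer) > 1:
        layer = _pad(layer)
        sibling = idx ^ 1
        proof.append((layer[sibling], sibling < idx))
        layer, idx = _parent_layer(layer), idx // 2
    return proof


def verify(commitment: bytes, position: int, identity: bytes, proof: Proof) -> bool:
    """Verifier check: recompute the root from (position, identity) and the proof.
    Passes only when identity, expected position and proof correspond to each other."""
    node = _leaf(position, identity)
    for sibling, sibling_on_left in proof:
        node = _h(b"node" + (sibling + node if sibling_on_left else node + sibling))
    return node == commitment


def multi_point_proof(identities: List[bytes], upto: int) -> List[Tuple[int, bytes, Proof]]:
    """Multi-point proof MP_i for expected positions 1..upto (openings of every upstream key node)."""
    return [(p, identities[p - 1], open_position(identities, p)) for p in range(1, upto + 1)]


def verify_multi(commitment: bytes, mp: List[Tuple[int, bytes, Proof]]) -> bool:
    return all(verify(commitment, p, ident, op) for p, ident, op in mp)


def demo() -> dict:
    # Constructed sample path: four key nodes with constructed identity strings.
    ids = [b"key-node-1", b"key-node-2", b"key-node-3", b"key-node-4"]
    c = commit(ids)
    op2 = open_position(ids, 2)
    return {
        "correct": verify(c, 2, ids[1], op2),            # right node at its expected position
        "wrong_position": verify(c, 3, ids[1], op2),     # right node, wrong position -> fails
        "wrong_identity": verify(c, 2, b"rogue", op2),   # another device at position 2 -> fails
        "prev_hop_ok": verify(c, 1, ids[0], open_position(ids, 1)),  # key node 2 checks OP_{i-1}
        "multi_point": verify_multi(c, multi_point_proof(ids, 3)),
        "proof_len": len(op2),                           # 2 = log2(4)
    }


if __name__ == "__main__":
    print(demo())
```

In this example the party holding the full identity vector (the path planner, or a node that received it by pre-distribution) produces each node's opening; a verification node needs only the root C, the claimed identity, the expected position and the proof, which matches the inputs listed for the verification node above.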
  • the key node not only sends the forwarding proof of the node to the verification node, but also sends the sequential position of the node in the actual forwarding path to the verification node, so as to achieve the recordability of non-key nodes.
  • key node A obtains the sequence position of the first forwarding node in the actual forwarding path as 1 based on data packet A; key node A sends the sequence position 1 to the verification node; key node B obtains the sequence position of key node B in the actual forwarding path as 4 based on data packet B, and key node B sends the sequence position 4 to the verification node; key node C obtains the sequence position of key node C in the actual forwarding path as 6 based on data packet C, and key node C sends the sequence position 6 to the verification node.
  • Transmission mode 1 is equivalent to the in-band mode.
  • When a key node forwards a data message, it adds the sequence position of the node in the actual forwarding path to the data message and forwards the data message containing both the service data and the actual sequence position of the node, so that the actual sequence position of the node is transmitted to the next forwarding node of the key node along with the service data.
  • a data message includes a message header and a payload field encapsulated in the inner layer of the message header. The message header carries the actual sequence position of the key node, and the payload field carries the service data.
  • the actual sequence position and the forwarding proof are transmitted to the verification node along with the business data.
  • the verification node is a key node B located downstream of the key node A in the expected forwarding path.
  • the key node A obtains the data message B based on the data message A, the forwarding proof of the key node A, and the sequential position of the key node A in the actual forwarding path.
  • the data message B includes the payload of the data message A, the forwarding proof of the key node A, and the sequential position of the key node A in the actual forwarding path.
  • the key node A sends the data message B to the key node B.
  • the key node A corresponds to the first forwarding node
  • the key node B corresponds to the third forwarding node
  • the data message A corresponds to the first data message
  • the data message B corresponds to the second data message.
  • the verification node is a key node C located downstream of the key node B in the expected forwarding path.
  • the key node B obtains the data message C based on the data message B, the forwarding proof of the key node B, and the sequential position of the key node B in the actual forwarding path.
  • the data message C includes the payload of the data message B, the forwarding proof of the key node B, the sequential position of the key node A in the actual forwarding path, and the sequential position of the key node B in the actual forwarding path; the key node B sends the data message C to the forwarding node C.
  • the key node B corresponds to the first forwarding node
  • the key node C corresponds to the third forwarding node
  • the data message B corresponds to the first data message
  • the data message C corresponds to the second data message.
  • the verification node can obtain the actual sequence position of the key node and the forwarding proof of the key node at the same time by parsing a data message. Therefore, the verification node is more efficient in obtaining the actual sequence position of the key node and the forwarding proof of the key node.
  • data packet A includes a first position list
  • the first position list includes the sequential positions of key nodes located upstream of the first forwarding node in the expected forwarding path in the actual forwarding path
  • data packet B includes a second position list
  • the second position list includes the first position list and the sequential positions of the first forwarding node in the actual forwarding path.
  • the actual sequence position, forwarding proof and vector commitment of key nodes are carried through the IPv6 extension header.
  • the actual sequence position, forwarding proof and vector commitment of key nodes are carried through the segment routing header (SRH).
  • the actual sequence position, forwarding proof and vector commitment of key nodes are carried through the hop-by-hop options header (HBH).
  • the actual sequence position, forwarding proof and vector commitment of key nodes are carried through the destination options header (DOH).
  • SRH, HBH and DOH are three specific examples of IPv6 extension headers that can carry forwarding proof.
  • the forwarding proof is carried by TLV in the IPv6 extension header.
  • the actual sequence position of the key node, the forwarding proof and the vector commitment are carried by TLV in SRH.
  • the actual sequence position of the key node, the forwarding proof and the vector commitment are carried by TLV in HBH.
  • the actual sequence position of the key node, the forwarding proof and the vector commitment are carried by TLV in DOH.
  • the actual sequence position, forwarding proof, and vector commitment of key nodes are carried through the APN header.
  • the actual sequence position, forwarding proof, and vector commitment of key nodes are carried through the application-aware network identifier (APN ID) in the APN header.
  • the actual sequence position, forwarding proof, and vector commitment of key nodes are carried through the VxLAN header, so that it is applicable to scenarios such as virtualized networks based on the VxLAN protocol or cross-data center interconnection, and the function of verifying the source of data in the VxLAN tunnel is provided.
  • the actual sequence position, forwarding proof, and vector commitment of key nodes are carried through the IPSec header, so that the source of data can be verified and securely transmitted under the IPSec protocol.
  • This method is applicable to scenarios such as virtual private networks (VPNs) or secure communications based on the IPSec protocol, and the ability to verify the source of data in the IPSec tunnel is provided.
  • the actual sequence position, forwarding proof, and vector commitment of key nodes are carried through the MPLS header.
  • the forwarding path includes a label switching path, and each of node_1, node_2, ..., node_N in the forwarding path is an LSR in the label switching path, so that the source of data can be verified and transmission secured under the MPLS protocol.
  • This method is suitable for scenarios such as multi-layer label switching, service provider networks or cross-domain communications based on the MPLS protocol, and provides a mechanism for verifying the source of data in the MPLS network.
  • the forwarding proof is carried by NSH.
  • the actual sequential position of key nodes, forwarding proof, and vector commitment are carried by the metadata field in the NSH.
  • the actual sequential position of the key node, the forwarding proof, and the vector commitment are carried in different fields in the same message header.
  • the data message _i+1 includes an IPv6 extension header
  • the IPv6 extension header includes a forwarding proof of the forwarding node _i and the vector commitment.
  • the IPv6 extension header of the data message _i+1 includes an SRH
  • the SRH includes a first TLV, a second TLV, and a third TLV
  • the first TLV of the SRH includes the forwarding proof of the forwarding node _i
  • the second TLV of the SRH includes the vector commitment.
  • the third TLV of the SRH includes the actual sequential position of the key node; or, the IPv6 extension header of the data message _i+1 includes an APN header, the APN header includes an APN ID, and the APN ID includes the forwarding proof of the forwarding node _i and the vector commitment; or, the IPv6 extension header of the data message _i+1 includes a DOH, the DOH includes a first TLV, a second TLV and a third TLV, the first TLV of the DOH includes the forwarding proof of the forwarding node _i, the second TLV of the DOH includes the vector commitment, and the third TLV of the DOH includes the actual sequential position of the key node; or, the IPv6 extension header of the data message _i+1 includes a HBH, the HBH includes a first TLV, a second TLV and a third TLV, the first TLV of the HBH includes the forwarding proof of the forwarding node _i, the second TLV of the HBH includes the vector
  • data packet _i+1 includes NSH
  • the NSH includes a metadata field
  • the metadata field includes the forwarding proof of forwarding node _i and the vector commitment
  • data packet _i+1 includes an MPLS header
  • the MPLS header includes the forwarding proof of forwarding node _i and the vector commitment
  • data packet _i+1 includes a VxLAN header
  • the VxLAN header includes the forwarding proof of forwarding node _i and the vector commitment
  • data packet _i+1 includes an IPsec header, the IPsec header includes the forwarding proof of forwarding node _i and the vector commitment.
  • placing the forwarding proof and vector commitment in the same message header helps to simplify the format and structure of the message. In this way, there is no need for an additional header to carry the forwarding proof and vector commitment separately, reducing the complexity and redundancy of the message.
  • placing the forwarding proof and vector commitment in the same message header can simplify the node's processing logic for the message. For example, after receiving the data message _i+1, node_i only needs to parse the message header once to obtain the forwarding proof and vector commitment information. In this way, the processing logic of node_i is clearer and simpler, reducing the complexity of the processing process.
  • each key node uses the forwarding proof calculated by the node to replace the forwarding proof carried in the message header of the data message. For example, key node B receives data message A carrying forwarding proof A. After key node B calculates and obtains forwarding proof B, it uses forwarding proof B to replace the forwarding proof A carried in data message A, so as to obtain data message B, which does not include forwarding proof A but includes forwarding proof B. Similarly, key node C receives data message B carrying forwarding proof B.
  • After key node C calculates and obtains forwarding proof C, it uses forwarding proof C to replace the forwarding proof B carried in data message B, so as to obtain data message C, which does not include forwarding proof B but includes forwarding proof C.
  • Because each key node replaces the forwarding proof calculated by the previous node with its own, the data message only needs to carry one forwarding proof. This avoids the data message carrying too much data in order to hold the forwarding proof of every key node passed along the way, which helps to save the transmission overhead of the data message and the bandwidth it occupies.
  • alternatively, after calculating and obtaining the forwarding proof, each key node adds the forwarding proof calculated by the node to the message header of the data message.
  • key node B receives data message A carrying forwarding proof A.
  • after key node B calculates and obtains forwarding proof B, it adds forwarding proof B after forwarding proof A carried in the data message to obtain data message B, which includes forwarding proof A and forwarding proof B.
  • key node C receives data message B carrying forwarding proof A and forwarding proof B.
  • after key node C calculates and obtains forwarding proof C, it adds forwarding proof C after forwarding proof A and forwarding proof B carried in the data message to obtain data message C, which includes forwarding proof A, forwarding proof B, and forwarding proof C.
  • in this way the data message carries the forwarding proof of each key node passed along the way, so the identity and sequential position of each key node that the data message has passed can be verified, and the result is more credible.
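The following Python code is an added example of the in-band carrying described in this passage; it is not part of the patent and not Huawei's implementation. It gives a constructed TLV layout for the forwarding proof, the vector commitment and the actual position list inside one extension header (the first, second and third TLV of the SRH, HBH or DOH variants above), the key node's update step in both the replace mode and the append mode, and the verification node's reading of the position list to confirm that the key nodes were traversed in the expected order even when non-key nodes shift their actual positions (the fault-tolerance scenario and the 1, 4, 6 example above). The TLV type codes 0xE1 to 0xE3, the two-byte position encoding, the opaque proof bytes and the function names are placeholders constructed for this example; the patent assigns no numeric codes.

```python
"""Added example: constructed TLV carriage of forwarding proof, vector commitment and
actual position list in one extension header. Type codes and layout are placeholders,
not values from the patent or any RFC."""
import struct
from typing import List, Tuple

TLV_PROOF = 0xE1       # placeholder: first TLV, forwarding proof of key node_i
TLV_COMMITMENT = 0xE2  # placeholder: second TLV, vector commitment
TLV_POSITIONS = 0xE3   # placeholder: third TLV, actual sequence positions (2 bytes each)


def encode_tlvs(tlvs: List[Tuple[int, bytes]]) -> bytes:
    """Serialize (type, value) pairs as 1-byte type, 1-byte length, value."""
    out = bytearray()
    for t, v in tlvs:
        if len(v) > 255:
            raise ValueError("TLV value exceeds one-byte length")
        out += struct.pack("!BB", t, len(v)) + v
    return bytes(out)


def decode_tlvs(buf: bytes) -> List[Tuple[int, bytes]]:
    """Parse TLVs, refusing truncated input instead of reading past the buffer."""
    tlvs, off = [], 0
    while off < len(buf):
        if off + 2 > len(buf):
            raise ValueError("truncated TLV header")
        t, length = struct.unpack_from("!BB", buf, off)
        off += 2
        if off + length > len(buf):
            raise ValueError("truncated TLV value")
        tlvs.append((t, bytes(buf[off:off + length])))
        off += length
    return tlvs


def key_node_forward(header: bytes, actual_position: int, my_proof: bytes, mode: str) -> bytes:
    """Key node step: append its actual position to the position list and carry its proof.
    mode='replace': the message carries only the latest proof (less overhead).
    mode='append':  the message carries one proof per key node passed (more evidence)."""
    tlvs = decode_tlvs(header)
    commitments = [v for t, v in tlvs if t == TLV_COMMITMENT]
    if len(commitments) != 1:
        raise ValueError("expected exactly one vector commitment TLV")
    proofs = [v for t, v in tlvs if t == TLV_PROOF]
    positions = b"".join(v for t, v in tlvs if t == TLV_POSITIONS)
    if mode == "replace":
        proofs = [my_proof]
    elif mode == "append":
        proofs = proofs + [my_proof]
    else:
        raise ValueError("mode must be 'replace' or 'append'")
    positions += struct.pack("!H", actual_position)
    return encode_tlvs([(TLV_PROOF, p) for p in proofs]
                       + [(TLV_COMMITMENT, commitments[0]), (TLV_POSITIONS, positions)])


def actual_positions(header: bytes) -> List[int]:
    """Verification node: read the actual position list in the order it was appended."""
    raw = b"".join(v for t, v in decode_tlvs(header) if t == TLV_POSITIONS)
    return list(struct.unpack("!" + "H" * (len(raw) // 2), raw))


def proofs_carried(header: bytes) -> List[bytes]:
    return [v for t, v in decode_tlvs(header) if t == TLV_PROOF]


def key_nodes_in_order(positions: List[int]) -> bool:
    """Fault tolerance of non-key nodes: only the relative order of the key nodes must
    match the expected path, so the recorded actual positions must be strictly increasing."""
    return all(a < b for a, b in zip(positions, positions[1:]))


def demo(mode: str) -> dict:
    # Constructed sample: an actual path of 6 hops with key nodes at hops 1, 4 and 6
    # (as in the passage above); proofs are opaque placeholder bytes here.
    header = encode_tlvs([(TLV_COMMITMENT, b"C" * 32)])  # head node starts with C only
    for hop, proof in [(1, b"OP1"), (4, b"OP4"), (6, b"OP6")]:
        header = key_node_forward(header, hop, proof, mode)
    pos = actual_positions(header)
    return {"positions": pos, "proofs": proofs_carried(header),
            "ordered": key_nodes_in_order(pos)}


if __name__ == "__main__":
    print(demo("replace"))
    print(demo("append"))
```

The decoder checks every length against the remaining buffer before slicing, since a forwarding device parsing attacker-influenced extension headers must not read past the packet; the replace mode leaves exactly one proof TLV in the header, the append mode leaves one per key node, and in both modes the position list keeps growing.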
  • the second method of transmitting the actual sequence position is to construct an independent message to notify the actual sequence position of the key nodes.
  • the first forwarding node generates a notification message, which carries the forwarding proof of the first forwarding node and the sequence position of the first forwarding node in the actual forwarding path; the first forwarding node sends the notification message to the verification node.
  • the notification message is a management plane protocol message.
  • the notification message is a NETCONF message
  • the NETCONF message carries the forwarding proof of the first forwarding node and the sequence position of the first forwarding node in the actual forwarding path.
  • the notification message is a control plane protocol message.
  • the notification message is a control plane protocol message based on border gateway protocol flow spec (BGP flow specification, referred to as BGP flow spec or BGP FS), path computation element protocol (PCEP), BGP monitoring protocol (BGP monitoring protocol, BMP), network flow (netstream) protocol or border gateway protocol (BGP) and the like.
  • the notification message is an application layer protocol message, including a Hypertext Transfer Protocol (HTTP) message
  • the payload field in the HTTP message includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path.
  • HTTP: Hypertext Transfer Protocol
  • the first forwarding node is the last key node in the expected forwarding path
  • the second forwarding node includes all key nodes in the expected forwarding path except the first forwarding node
  • the embodiment of the present application provides three verification modes of forwarding proof.
  • the determination method and transmission method of forwarding proof in different verification modes are different.
  • the following further illustrates the determination method and transmission method of forwarding proof in combination with the three verification modes.
  • the real-time verification mode and the on-path verification mode are further subdivided into two sub-modes: single-point and multi-point.
  • the end point verification mode does not have a single-point mode but a multi-point mode.
  • Verification mode 1: real-time verification (postcard) mode
  • the real-time in real-time verification means that the time point of verifying the forwarding proof is real-time relative to the time point of receiving the data message.
  • the key node calculates a forwarding proof and sends the forwarding proof to the verification node in an out-of-band manner, that is, the single-point forwarding proof is not sent along the actual forwarding path of the business data itself.
  • the verification node deployed outside the actual forwarding path verifies the forwarding proof in real time, and the key node does not need to verify the forwarding proof.
  • the real-time verification mode specifically includes a verification mode for single-point forwarding proof (OP sub-mode for short) and a verification sub-mode for multi-point forwarding proof (MP sub-mode for short).
  • OP single-point forwarding proof
  • MP multi-point forwarding proof
  • each key node calculates the single-point forwarding proof of this node and sends the single-point forwarding proof.
  • the identity information of the previous key node or multiple upstream key nodes is not required.
  • when the multi-point sub-mode of the real-time verification mode is adopted, each key node obtains the identity information of the upstream key nodes r_1 to r_i-1 through control plane pre-distribution, data packets carrying business data, or other means.
  • in both sub-modes, the sequential positions used to calculate and to verify the forwarding proof are the sequential positions in the expected forwarding path, such as 1, 2, 3, 4, and not the sequential positions in the actual forwarding path.
  • the sequence position of the key node in the actual forwarding path does not participate in the calculation process of the forwarding proof and the verification process of the forwarding proof.
  • the sequence position of the key node in the actual forwarding path is used for evidence storage.
  • when the real-time verification mode is adopted, whether in the single-point or the multi-point sub-mode, the key node also sends its sequential position in the actual forwarding path to the verification node, so that the non-key nodes traversed between key nodes are recorded as well.
  • FIG. 3 shows an architecture diagram of a trusted path network system provided by an embodiment of the present application.
  • the system 10 shown in Figure 3 includes a controller, a key node, and a verification node.
  • the expected forwarding path passes through four key nodes.
  • Key node 1 is a head node
  • key node 4 is a tail node
  • key node 2 and key node 3 are both intermediate nodes.
  • the verification node is connected to key node 1, key node 2, key node 3, and key node 4 in Figure 3 through a communication network.
  • the verification node is the controller in Figure 3.
  • the controller and the verification node in the system shown in Figure 3 are integrated on the same device. In other words, the controller not only performs the steps of obtaining vector commitments and sending vector commitments, but also performs the steps of verifying the forwarding proof.
  • key node 1 constructs a new data message based on the payload data.
  • the message header of the data message carries the trusted path identifier and path information
  • the path information carries the identity information of each key node in the expected forwarding path
  • the payload field of the data message carries the payload data.
  • Key node 1 uses the open function to calculate the single-point forwarding proof OP_1 of this node; or, key node 1 uses the batchopen function to calculate the multi-point forwarding proof MP_1 of this node; key node 1 obtains the sequential position of this node in the actual forwarding path; key node 1 sends the sequential position of this node in the actual forwarding path and the forwarding proof of this node to the verification node outside the actual forwarding path, and key node 1 forwards the data message to the second key node.
  • the verification node executes the verification function Verify(C, i, r_i, OP_i) of the vector commitment mechanism, taking as input the vector commitment C, the identity information r_i of the i-th key node, the sequential position i of the i-th key node in the expected forwarding path, and the single-point forwarding proof OP_i calculated by the i-th key node; that is, it verifies that the key node committed at sequential position i has identity information r_i.
  • C represents the vector commitment
  • i represents the sequential position in the expected forwarding path
  • r_i represents the identity information of the i-th key node
  • OP_i represents the single-point forwarding proof calculated by the i-th key node.
  • the i-th key node uses the identity information of each node from the first key node r_1 to the current node r_i and the sequential position of each node from the first key node r_1 to the current node r_i in the expected forwarding path as input to calculate a multi-point forwarding proof MP_i; the i-th key node sends the multi-point forwarding proof MP_i and the sequential position of the current node in the actual forwarding path to the verification node located outside the actual forwarding path.
  • C represents vector commitment
  • r_B represents the set of identity information of each node from the first key node r_1 to the current node r_i
  • B represents the set of sequential positions of each node from the first key node r_1 to the i-th key node r_i in the expected forwarding path
  • MP_i represents the multi-point forwarding proof calculated by the i-th key node.
  • the key node constructs an additional separate data message in the process of transmitting business data.
  • the data message is used to carry the actual sequence position of the node and the forwarding proof of the node.
  • the data message does not need to carry business data.
  • the key node sends the data message to the outside. For example, when business data is transmitted to the i-th key node, the data message sent by the i-th key node to the outside includes the following content.
  • the real-time verification mode provided by this embodiment, since each key node along the way during the actual transmission of the data message calculates the forwarding proof of this node and sends the forwarding proof of this node to the outside, the identity and sequential position of each key node actually passed by the data message can be verified, so that security can be guaranteed hop by hop.
  • since any key node can calculate and send its forwarding proof as soon as it receives the data message, the observer can obtain and verify the forwarding proof in real time. Compared with the endpoint verification mode, there is no need to wait until the data message reaches the last key node before verifying, so the data transmission process is tracked transparently in real time and the attack window is smaller.
  • since the forwarding proof and the sequential position in the actual forwarding path are sent to the external verification node (observer), public audit of both is supported. The real-time verification mode can therefore significantly improve the security of the data transmission process.
  • the forwarding proof p_i is, for example, a single-point proof OP or a multi-point proof MP.
  • each key node calculates the single-point forwarding proof OP_i of the node and adds the single-point forwarding proof OP_i to the data message, so that the single-point forwarding proof OP_i and the business data are transmitted to the next key node together.
  • the identity information of the previous key node or multiple upstream key nodes is not required.
  • each key node learns the identity information from the first key node r_1 to the previous key node r_i-1 through control plane pre-distribution, data packets carrying business data, or other means.
  • each key node calculates the multi-point forwarding proof MP_i of this node based on the identity information and sequential position of each node from the first key node r_1 to this node, and adds the multi-point forwarding proof MP_i to the data packet, so that MP_i and the business data are transmitted to the next key node together.
  • when the on-path verification mode is adopted, whether in the single-point or the multi-point sub-mode, the first key node adds an actual sequence position list to the data message, and each subsequent key node i appends its own sequence position in the actual forwarding path to that list, so that the list records the actual sequence position of every key node in the portion of the path the data message has already traversed.
  • in Figure 3, key node 2 verifies the forwarding proof p_1 of key node 1.
  • key node 3 verifies the forwarding proof p_2 of key node 2.
  • key node 4 verifies the forwarding proof p_3 of key node 3.
  • key node 1 uses the open function to calculate the single-point forwarding proof OP_1 of this node; or, key node 1 uses the batchopen function to calculate the multi-point forwarding proof MP_1 of this node; key node 1 obtains the sequence position of this node in the actual forwarding path; key node 1 constructs a new data message based on the vector commitment, the payload data, the forwarding proof of key node 1, and the sequence position of key node 1 in the actual forwarding path.
  • the message header of the data message carries the trusted path identifier, the vector commitment, the forwarding proof of key node 1, the path information, and the actual sequence position list
  • the path information carries the identity information of each key node in the expected forwarding path
  • the payload field of the data message carries the payload data.
  • the actual sequence position list includes the sequence position of key node 1 in the actual forwarding path.
  • the i-th key node receives data message _i from the (i-1)th key node.
  • the message header of data message _i carries a trusted path identifier, path information, and a forwarding proof of the (i-1)th key node.
  • the path information carries the identity information of each key node in the expected forwarding path.
  • the i-th key node verifies the forwarding proof of the (i-1)th key node carried by the data message.
  • the i-th key node calculates the forwarding proof, and uses the forwarding proof calculated by this node to replace the forwarding proof of the previous key node carried in the message header of data message _i.
  • the i-th key node adds the sequence position of this node in the actual forwarding path to the actual sequence position list carried by data message _i, thereby obtaining data message _i+1.
  • Data message _i+1 carries the payload data in data message _i, the actual sequence position list, and the forwarding proof of the i-th key node.
  • the i-th key node forwards data message _i+1 to the (i+1)-th key node. If verification of the (i-1)-th key node's forwarding proof fails, the i-th key node does not calculate a forwarding proof and discards data message _i instead.
  • in the single-point sub-mode, the i-th key node verifies the single-point forwarding proof OP_i-1 of the (i-1)th key node carried in the header of the data message based on the vector commitment C, the identity information of the (i-1)th key node and the sequential position of the (i-1)th key node in the expected forwarding path; then, to calculate its own forwarding proof, the i-th key node uses its public identity r_i and its sequential position i in the expected forwarding path as input to calculate a single-point forwarding proof OP_i, and replaces the single-point forwarding proof OP_i-1 of the previous key node in the header of data message _i with OP_i.
  • data message _i also includes the sequential position of each key node from the 1st key node to the i-th key node in the actual forwarding path.
  • the i-th key node verifies the multi-point forwarding proof MP_i-1 of the (i-1)th key node carried by the data message based on the identity information of each key node from the 1st key node to the (i-1)th key node and the sequential position of each key node from the 1st key node to the (i-1)th key node in the expected forwarding path.
  • the i-th key node uses the identity information of each node from the 1st key node r_1 to this node r_i and the sequential position of each node from the 1st key node r_1 to this node r_i in the expected forwarding path as input to calculate a multi-point forwarding proof MP_i; the i-th key node uses the multi-point forwarding proof MP_i to replace the multi-point forwarding proof MP_i-1 of the previous key node carried in the message header of data message _i.
  • when the on-path verification mode is adopted, the key nodes use the sequence positions in the expected forwarding path, such as 1, 2, 3, 4, both when determining their own forwarding proof and when verifying the forwarding proof of the previous key node; the sequence positions in the actual forwarding path are not used for this purpose.
  • the sequence position of the key node in the actual forwarding path does not participate in the calculation process of the forwarding proof and the verification process of the forwarding proof.
  • the sequence position of the key node in the actual forwarding path is used for evidence storage.
  • the key node adds the actual sequence position of the node and the forwarding proof of the node to the data message during the transmission of business data, and sends the data message including the business data, the actual sequence position of the node and the forwarding proof of the node to the next key node, so that the actual sequence position of the node and the forwarding proof of the node are transmitted along the forwarding path together with the business data.
  • the data message sent by the i-th key node to the next key node contains the following content.
  • the message header of the data message is used to carry the actual sequence number and forwarding proof as shown below.
  • the on-path verification mode calculates the forwarding proof of each key node passed by the data message during the actual transmission process, and verifies the forwarding proof of the previous key node, so that the identity and sequential position of each key node actually passed by the data message can be verified, so that security can be guaranteed hop by hop.
  • since the forwarding proof is carried on-path in the header of the service data message, compared with constructing a separate data message to transmit the forwarding proof, the calculation and communication cost, as well as the protocol procedure and its complexity, are moderate; it is a compromise solution.
  • each key node is responsible for verifying the single-point forwarding proof of the previous key node.
  • the correctness of the position of the key node can be verified. Since the forwarding proof of each key node is obtained based on the identity information and sequential position, by verifying the single-point forwarding proof of each key node, it is possible to verify whether the key node forwards the data message in the expected sequential position.
  • the verification results of multiple key nodes on the forwarding path can be integrated so that the scope of verification covers the location and identity of each key node on the entire forwarding path, thereby fully verifying the entire forwarding path.
  • the tail node in the forwarding path also serves as an observer.
  • the tail node obtains a forwarding proof based on the relative position of each forwarding node (including the tail node itself) in the forwarding path and the identity information of each forwarding node, and the tail node verifies the obtained forwarding proof.
  • Figure 5 is a schematic diagram of a verification scenario of a forwarding proof under an endpoint verification mode provided by an embodiment of the present application.
  • the scenario shown in Figure 5 is illustrated by taking the forwarding path including 4 forwarding nodes as an example.
  • the key node 4 in Figure 5 is a specific example of a tail node acting as a verification node.
  • the number of forwarding nodes in the forwarding path can be more or less.
  • the number of forwarding nodes in the forwarding path can be only two, and the second forwarding node in the forwarding path (such as node_2 in Figure 5) acts as a verification node.
  • the number of forwarding nodes in the forwarding path is dozens or hundreds, or more.
  • the path information carries the identity information of each key node in the expected forwarding path, where r_i represents the publicly verifiable identity of forwarding node i.
  • the last key node obtains the multi-point forwarding proof MP_N based on the identity information of each key node from r_1 to r_N and the sequential position of each of these key nodes in the expected forwarding path.
  • the last key node verifies the multi-point forwarding proof MP_N according to the vector commitment mechanism, based on the vector commitment C, the sequential position of each key node in the path information P in the expected forwarding path, and the identity information of each key node in the path information P. It executes BatchVerify(C, MP_N, P), that is, verifies that the identity information of the key node at each sequential position i of the entire forwarding path is r_i.
  • the last key node obtains and saves the actual sequential position list from the data message _N.
  • the data message in the case of adopting the endpoint verification mode, whether adopting the verification mode for single-point certification or the verification mode for multi-point certification, since each key node adds the actual sequence position of the node to the data message carrying the business data, the data message not only carries the business data, but also carries the actual sequence position of each key node that the data message has passed.
  • the data message when the data message is transmitted to the i-th key node, the data message includes the following content in addition to the business data.
  • the endpoint verification mode provided in this embodiment does not require calculation of the forwarding proof and verification of the forwarding proof at each key node except the tail node in the forwarding path.
  • the forwarding proof and verification of the forwarding proof are only calculated once at the tail node. Therefore, the overall overhead of all key nodes in the forwarding path is relatively small.
  • the forwarding node saves the overhead of generating and transmitting messages to send the forwarding proof, and also saves the bandwidth occupied when the forwarding proof is transmitted in the network.
  • verifying every key node in the forwarding path is only an example. In other implementations of the present application, a key node on the forwarding path may trace and verify only the key nodes within a certain range before it.
  • the verifier can flexibly specify the required traceability range according to actual needs, and different key nodes can be responsible for verifying different parts of the forwarding path, thereby providing a more flexible and adjustable traceability capability.
  • the following is an example in which a key node verifies the two or three key nodes before it.
  • key node i verifies the forwarding proof based on the vector commitment, the identity information of the two key nodes before key node i in the forwarding path, and the relative position of the two key nodes before key node i, thereby supporting the tracing and verification of the correctness of the two key nodes before the current key node.
  • key node i verifies the forwarding proof based on the identity information of the three key nodes before key node i in the forwarding path, the relative positions of the three key nodes before key node i, and the vector commitment, thereby supporting the tracing and verification of the correctness of the three key nodes before the key node.
  • the fourth key node verifies the forwarding proof received by the fourth key node based on the identity information of the first key node, the relative position of the first key node, the identity information of the second key node, the relative position of the second key node, the identity information of the third key node, the relative position of the third key node, and the vector commitment;
  • the seventh key node verifies the forwarding proof received by the seventh key node based on the identity information of the fourth key node, the relative position of the fourth key node, the identity information of the fifth key node, the relative position of the fifth key node, the identity information of the sixth key node, the relative position of the sixth key node, and the vector commitment.
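The single-point and multi-point proofs, the hop-by-hop proof replacement and actual sequence position list of the on-path mode, the BatchVerify at the tail node in the endpoint mode, and the "k key nodes before me" window verification above, as one added worked example. This is illustrative code written for this page, not the patent's or Huawei's implementation. It assumes a Merkle tree over H(position || identity) as the vector commitment, standing in for the KZG polynomial commitment the embodiment prefers (the page lists Merkle tree commitment as an alternative); the key-node identities r1..r4, the non-key nodes n_a and n_b, the routes and the header layout are constructed; and where a KZG batchopen yields a single proof element, this hash-based stand-in simply bundles single-point proofs.

```python
import hashlib


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def leaf(i: int, r: str) -> bytes:
    """Leaf for expected position i: binds identity r_i to its position."""
    return H(b"leaf", i.to_bytes(4, "big"), r.encode())


def commit(expected):
    """Controller side: vector commitment C = Merkle root over leaf(1, r_1) .. leaf(N, r_N).
    Returns (C, levels); the levels are what open() needs."""
    lvl = [leaf(i + 1, r) for i, r in enumerate(expected)]
    while len(lvl) & (len(lvl) - 1):                  # pad to a power of two
        lvl.append(H(b"pad"))
    levels = [lvl]
    while len(lvl) > 1:
        lvl = [H(b"node", lvl[k], lvl[k + 1]) for k in range(0, len(lvl), 2)]
        levels.append(lvl)
    return levels[-1][0], levels


def open_(levels, i: int):
    """open(): single-point proof OP_i = sibling hashes from leaf i up to the root."""
    idx, proof = i - 1, []
    for lvl in levels[:-1]:
        proof.append(lvl[idx ^ 1])
        idx //= 2
    return proof


def verify(C: bytes, i: int, r: str, OP) -> bool:
    """Verify(C, i, r_i, OP_i): recompute the root from leaf(i, r) and compare with C."""
    h, idx = leaf(i, r), i - 1
    for sib in OP:
        h = H(b"node", sib, h) if idx & 1 else H(b"node", h, sib)
        idx //= 2
    return h == C


def batch_open(levels, positions):
    """batchopen(): multi-point proof MP as {position: OP} (simplified stand-in)."""
    return {i: open_(levels, i) for i in positions}


def batch_verify(C: bytes, MP: dict, P: dict) -> bool:
    """BatchVerify(C, MP, P) with P = {expected position: identity}."""
    return set(MP) == set(P) and all(verify(C, i, P[i], MP[i]) for i in P)


def on_path_run(expected, actual_route):
    """On-path mode, single-point sub-mode. Key node i verifies OP_{i-1} from the
    header, replaces it with OP_i and appends (identity, hop index in the actual
    route) to the actual sequence position list. Non-key nodes forward untouched.
    Returns (delivered_to_tail, actual_position_list, alarm_or_None)."""
    C, levels = commit(expected)                      # C is distributed by the controller
    pos = {r: i + 1 for i, r in enumerate(expected)}  # expected positions 1..N
    header = {"tpid": True, "C": C, "proof": None, "actual": []}
    for hop, node in enumerate(actual_route, start=1):
        if node not in pos:                           # non-key node: plain forwarding
            continue
        i = pos[node]
        if i > 1 and (header["proof"] is None
                      or not verify(C, i - 1, expected[i - 2], header["proof"])):
            alarm = f"key node {node}: proof for position {i - 1} failed; message discarded"
            return False, header["actual"], alarm
        header["proof"] = open_(levels, i)            # OP_i replaces OP_{i-1}
        header["actual"].append((node, hop))          # evidence only; not verified
    delivered = bool(header["actual"]) and header["actual"][-1][0] == expected[-1]
    return delivered, header["actual"], None


def endpoint_verify(C: bytes, path_info) -> bool:
    """Endpoint mode: the tail node rebuilds MP_N from the path information P carried
    in the message and checks it against the controller's commitment C."""
    _, levels = commit(path_info)
    P = {i + 1: r for i, r in enumerate(path_info)}
    return batch_verify(C, batch_open(levels, P), P)


def window_verify(C: bytes, MP: dict, P: dict, i: int, k: int) -> bool:
    """Key node i traces back only the k key nodes before it (positions i-k .. i-1)."""
    return all(j in MP and verify(C, j, P[j], MP[j]) for j in range(max(1, i - k), i))


# Constructed sample data: four expected key nodes, two non-key nodes n_a and n_b.
EXPECTED = ["r1", "r2", "r3", "r4"]
HONEST_ROUTE = ["r1", "n_a", "r2", "r3", "n_b", "r4"]
SKIP_ROUTE = ["r1", "n_a", "r3", "r4"]                # key node r2 is bypassed

if __name__ == "__main__":
    print(on_path_run(EXPECTED, HONEST_ROUTE))
    print(on_path_run(EXPECTED, SKIP_ROUTE))
```

Running it delivers the honest route with the evidence list [("r1", 1), ("r2", 3), ("r3", 4), ("r4", 6)], and discards the route that bypasses key node 2 at key node 3, because OP_1 does not verify against position 2 and identity r2. Two caveats the simulation makes visible: the proof is computed from public inputs (C, i, r_i), so it binds a position to an identity but does not by itself authenticate which device produced it, which is why the message source is separately checked with a signature or MAC tag; and a non-key node that forwards the header untouched is not caught by proof verification, only by the gap it leaves in the actual sequence position list.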
  • in response to determining that the forwarding proof carried by the data message fails verification, the key node discards the received data message. Discarding such a data message blocks further transmission of data from an illegitimate source and improves network security.
  • when the key node finds that the forwarding proof carried by the data message fails verification, the source of the data is suspect: for example, the data message skipped a node in the path, or passed through an extra, unspecified node before reaching this node. By discarding the data message, the key node prevents it from being forwarded to the next node, quickly stopping its further propagation, reducing the probability of unauthorized data access and tampering, reducing the possibility of network attacks, and improving network security.
  • the key node in response to determining that the forwarding proof carried by the data message fails to pass verification, the key node outputs an alarm message, and the alarm message is used to indicate that the forwarding proof fails to pass verification.
  • the key node notifies the alarm message to the network management system (NMS), the element management system (EMS) or the controller through the management plane protocol.
  • NMS network management system
  • EMS element management system
  • the key node sends a Network Configuration Protocol (NETCONF) message to the controller; the NETCONF message carries the alarm message and indicates that the forwarding proof fails to pass verification.
  • NETCONF Network Configuration Protocol
  • the key node sends a simple network management protocol (SNMP) message to the controller, the SNMP message carries the alarm message, and the SNMP message indicates that the forwarding proof fails to pass verification.
  • SNMP simple network management protocol
  • the key node sends an alarm message indicating that the forwarding proof fails to pass verification to the controller based on telemetry.
  • the key node sends an alarm message indicating that the forwarding proof fails verification to the controller over a RESTful (representational state transfer) interface.
  • the key node sends information indicating that the forwarding proof fails to be verified to the controller in the form of a log based on the log management protocol.
  • the key node sends a system logging protocol (Syslog) protocol message to the controller, and the Syslog protocol message carries an alarm message indicating that the forwarding proof fails to be verified.
  • Syslog is a standard UNIX system log management protocol used to send log information generated by a device or application to a remote server.
  • the key node outputs the alarm message in the form of an alarm notification.
  • the alarm notification can be sent through SMS, email, instant messaging tools, etc., so that the administrator or network security team can receive it in time and take corresponding countermeasures.
  • the key node outputs the alarm message in the form of a log record.
  • the key node_i records the information of the data message_i that fails to be verified in the system log.
  • the key node_i sends the alarm message to the controller.
  • the controller provides a visual display of alarm information so that administrators can quickly identify problems and take measures.
  • the key node in response to determining that the forwarding proof passes verification, the key node further forwards the received data message.
  • KZG polynomial commitment is only one possible way to obtain vector commitment. It can not only achieve the effect of forwarding proof and position binding, but also has the advantage of high efficiency. Vector commitment obtained by other means can also achieve the effect of forwarding proof and order binding.
  • fast Reed-Solomon interactive (FRI) commitments are used to obtain and verify commitments based on the identity information of key nodes and the relative positions of key nodes.
  • FRI is an interactive oracle proof of proximity for Reed-Solomon codes: it lets a verifier check that a committed function is close to a polynomial of bounded degree, and hence satisfies the claimed constraints, without reading the whole codeword.
  • FRI is built from Reed-Solomon codes and an interactive folding protocol that repeatedly halves the degree of the polynomial, so the cost of verifying a polynomial is reduced to a number of queries logarithmic in its degree.
  • succinct non-interactive argument of knowledge (SNARK) commitments are used to obtain and verify commitments based on the identity information of key nodes and the relative positions of key nodes.
  • SNARK commitments are a protocol for proving the correctness of a computation and that the inputs held by one party satisfy certain conditions.
  • SNARK proofs are non-interactive, meaning that the prover does not need to interact with the verifier, but only needs to generate a proof and send it to the verifier.
  • SNARK proofs are compact, small in size, and relatively short in verification time.
  • a scalable transparent arguments of knowledge (STARK) commitment method is used to obtain a forwarding proof or a vector commitment; or a STARK commitment method is used to verify the forwarding proof based on the vector commitment.
  • STARK is a zero-knowledge proof technology. STARK requires no trusted setup, so it is more decentralized and distributed: there is no setup ceremony whose compromise would affect the forwarding proofs or vector commitments, and its security rests on fewer assumptions.
  • STARK relies only on collision-resistant hash functions and is therefore regarded as post-quantum secure, so using STARK helps the forwarding proof resist quantum computing attacks and protects the security of forwarding proofs and identity information more reliably.
  • a STARK proof is succinct relative to the computation it proves and is verified in polylogarithmic time, so the next-hop key node or the verification node can check the validity of a forwarding proof in a relatively short time; note, however, that STARK proofs are larger than SNARK proofs of the same statement, so the bandwidth cost of carrying them on-path is higher.
  • Bulletproof is used to obtain forwarding proof or vector commitment; or Bulletproof is used to verify forwarding proof based on vector commitment.
  • Bulletproof is a zero-knowledge proof technology.
  • Bulletproofs are short non-interactive zero-knowledge proofs, typically used as range proofs, that show a committed value satisfies a certain relation without revealing the value.
  • Bulletproof also does not require a trusted third party to set up and start, so it is more decentralized and distributed, reducing the impact of single point failures on obtaining forwarding proof or vector commitment, and also has higher security.
  • RSA accumulators are used to obtain and verify commitments based on the identity information of key nodes and the relative positions of key nodes.
  • RSA accumulators are a data structure that accumulates the elements of a set into a single value so that membership of an element can subsequently be verified. Based on exponentiation in an RSA group, whose security rests on the strong RSA assumption, an RSA accumulator can verify whether a specific element is contained in the accumulator without disclosing the other elements of the set.
  • FC function commitment is adopted to obtain and verify commitment based on the identity information of key nodes and the relative positions of key nodes.
  • FC function commitment is a commitment mechanism that is used to bind the input with the calculation result of the function so that the calculation result can be verified without exposing the input.
  • FC function commitment can be implemented by combining a zero-knowledge proof system with a commitment mechanism. It can be used to protect the privacy of the inputs and to verify the correctness of calculation results.
  • Pedersen commitment is used to obtain and verify commitments based on the identity information of key nodes and the relative positions of key nodes.
  • Pedersen commitment is a commitment mechanism used to commit to a value or a vector while keeping it hidden.
  • Pedersen commitment is based on the discrete logarithm problem: the commitment reveals nothing about the committed value (hiding), and only the committer, who knows the value and the blinding factor, can open it, and cannot open it to a different value (binding).
  • a merkle tree commitment is used to obtain and verify commitments based on the identity information of key nodes and the relative positions of key nodes.
  • Merkle tree commitment is a commitment mechanism used to bind multiple elements in a set into a tree structure. The Merkle tree combines elements level by level through a hash function and generates a root hash, which is a commitment to the entire tree. In the verification phase, only some elements in the set and the hash values on the relevant paths need to be known to verify whether the element belongs to the tree.
  • Verkle tree commitments are used to obtain and verify commitments based on the identity information of key nodes and the relative positions of key nodes.
  • Verkle tree commitments are a commitment mechanism used to bind multiple elements in a set into a non-binary tree structure. Verkle tree commits the path from the root node to the leaf node in the tree through polynomial commitments and aggregates multiple paths. In the verification phase, only some elements in the set and the polynomial commitments on the relevant paths need to be known to verify whether the element belongs to the tree.
  • the source of the data message is verified based on an aggregatable signature.
  • the data message contains a digital signature.
  • this signature can be the signature of the previous-hop key node i-1, or the aggregated signature of all key nodes from key node 1 to key node i-1 upstream of this node.
  • the characteristic of an aggregated signature is that the aggregation of any number of signatures has the same length as a single signature.
  • a public key infrastructure (PKI) exists, that is, the public identity of the node is known, and the key node i can verify the correctness of this signature.
  • the source of the data message is verified based on the MAC tag: for example, the data message includes a MAC tag, and the key node i verifies the correctness of the MAC tag.
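One way a key node can verify the source of the data message by MAC tag, as an added example rather than code from the page. It assumes pairwise keys between adjacent key nodes pre-distributed by the control plane (the page does not say how keys are provisioned), a JSON-encodable header that names the previous key node and carries the forwarding proof and actual sequence position list, and HMAC-SHA256 as the MAC; all identities, keys and header values are constructed.

```python
import hashlib
import hmac
import json

# Assumption (not from the page): each pair of adjacent key nodes shares a key
# provisioned by the controller. Constructed values, for illustration only.
HOP_KEYS = {
    ("r1", "r2"): b"key-r1-r2",
    ("r2", "r3"): b"key-r2-r3",
    ("r3", "r4"): b"key-r3-r4",
}


def canonical(header: dict, payload: bytes) -> bytes:
    """Deterministic byte string the tag covers: the whole message header
    (trusted path identifier, previous-hop identity, forwarding proof, actual
    sequence position list) plus the business payload."""
    encoded = json.dumps(header, sort_keys=True, separators=(",", ":")).encode()
    return encoded + b"\x00" + payload


def make_tag(sender: str, receiver: str, header: dict, payload: bytes) -> bytes:
    """Key node i-1 tags the message it forwards to key node i."""
    return hmac.new(HOP_KEYS[(sender, receiver)], canonical(header, payload),
                    hashlib.sha256).digest()


def verify_source(receiver: str, header: dict, payload: bytes, tag: bytes) -> bool:
    """Key node i checks the tag before it verifies or recomputes any forwarding
    proof. No pairwise key for the claimed previous hop means the sender is not
    an expected neighbour; a mismatch means modification or a forged source.
    The comparison is constant-time so the check does not leak via timing."""
    key = HOP_KEYS.get((header.get("prev"), receiver))
    if key is None:
        return False
    expected = hmac.new(key, canonical(header, payload), hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


# Constructed message from key node r2 to key node r3; "proof" is a placeholder.
HEADER = {"tpid": 1, "prev": "r2", "proof_pos": 2, "proof": "0123abcd",
          "actual": [["r1", 1], ["r2", 3]]}
PAYLOAD = b"business data"

if __name__ == "__main__":
    t = make_tag("r2", "r3", HEADER, PAYLOAD)
    print(verify_source("r3", HEADER, PAYLOAD, t))
```

Because the tag covers the header, a node that alters the actual sequence position list or swaps in a different forwarding proof invalidates the tag, and a node that is not the receiver's expected previous hop has no key with which to produce one.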
  • the following is an example of the triggering conditions for calculating the forwarding proof for the forwarding node.
  • after key node_i obtains the data message, key node_i performs the step of obtaining a forwarding proof in response to identifying that the data message carries a trusted path identifier.
  • the message header in the data message includes the trusted path identifier.
  • the trusted path identifier is used to indicate obtaining a forwarding proof. For example, the trusted path identifier is used to distinguish whether a key node needs to perform forwarding proof calculation now.
  • by including a trusted path identifier in the header of a data message, a key node is able to determine whether to calculate a forwarding proof based on the presence or absence of the identifier. For example, if key node_i determines that the data message does not carry a trusted path identifier, key node_i uses the original forwarding mechanism without calculating a forwarding proof.
  • the effects achieved by including a trusted path identifier in the message header include but are not limited to the following aspects.
  • the trusted path identifier provides an optional mechanism that allows key nodes to determine whether to perform forwarding proof calculations based on specific needs and changes in needs, thereby improving flexibility and scalability.
  • the method of including trusted path identifiers in the message header of the data message makes it unnecessary to pre-configure which messages need to generate forwarding proofs on key nodes, thereby simplifying the configuration process and reducing the complexity of configuration. In addition, it also reduces the probability of missing the task of obtaining forwarding proofs for certain messages during manual configuration.
• for data messages that do not carry the identifier, the key nodes determine that no forwarding proof calculation is needed, saving computing resources and time and thereby improving overall network performance and efficiency.
• after key node_i obtains a data message, key node_i identifies the service type carried in the data message; in response to identifying that the data message carries data of a specific service type, the step of obtaining a forwarding proof is executed, thereby providing forwarding proofs for a specific service. For example, in response to identifying that the data message contains a network service header (NSH) of the service function chain protocol, key node_i determines that the data message carries service function chain data and executes the step of obtaining a forwarding proof. For another example, key node_i performs application identification on the payload data in the data message to obtain the application type corresponding to the payload data, and in response to the application type being a target application, executes the step of obtaining a forwarding proof. Executing the step of obtaining a forwarding proof for a specific service achieves effects that include but are not limited to the following aspects.
• the key nodes automatically determine whether to generate forwarding proofs by identifying the services carried by the data messages. There is no need to pre-configure on key nodes which messages need forwarding proofs, which simplifies configuration and reduces its complexity; it also reduces the probability that the task of obtaining forwarding proofs is missed for certain messages during manual configuration.
• for data of other services the key node determines that no forwarding proof calculation is needed, which avoids spending computing resources on data that does not require proofs, saves computing resources and time, and improves overall network performance and efficiency.
• after key node_i obtains the data message, key node_i performs the step of obtaining the forwarding proof in response to identifying that the data message contains the identifier of each node in a specific tunnel, so as to verify whether the data message is forwarded through that tunnel.
• in the SRv6 scenario, key node_i performs the step of obtaining the forwarding proof in response to identifying that the data message carries a segment list.
• in the MPLS scenario, key node_i performs the step of obtaining the forwarding proof in response to identifying that the data message carries a label stack.
• Example 1: a service function chaining (SFC) trusted path protection mechanism based on KZG polynomial proofs.
• in Example 1, the service function chain is a specific example of a forwarding path.
• the SF or SFC proxy is a specific example of a forwarding node (key node).
• the NSH in Example 1 is a specific example of a message header carrying a vector commitment and a forwarding proof.
• the SF_from field in Example 1 is a specific example of the identity information of a key node.
• the KZG polynomial commitment is a specific example of a vector commitment.
  • the service function chain is an ordered set of service functions.
  • the service function chain is used to guide each service function to process traffic in an orderly manner on demand.
  • the service function chain is mainly used in NFV virtual networks.
  • network devices play different roles in the entire service function chain system according to the different functions used.
  • the roles of the service function chain mainly include classifier (SC), service function (SF) node, service function forwarder (SFF) node and SFC proxy (SFC proxy) node.
  • the classifier is located at the boundary entrance of the SFC domain. After the message enters the SFC domain, it will first perform traffic classification, set the service identifier and encapsulate the service message header.
  • SF nodes are used to provide business processing services.
  • SF nodes include but are not limited to firewalls (firewall, FW), load balancing (load balancing, LB), intrusion prevention systems (intrusion prevention systems, IPS), application accelerators, network address translation (network address translation, NAT), Web application firewall (Web application firewall, WAF, also known as website application-level intrusion prevention system), bandwidth control, virus detection, cloud storage, deep packet inspection (deep packet inspection, DPI), intrusion detection, hypertext transfer protocol (hyper text transfer protocol, HTTP) header enrichment (HTTP header enrichment), etc.
  • SF nodes can be divided into NSH-aware SF nodes and NSH-unaware SF nodes.
  • NSH-aware SF nodes can recognize NSH messages and forward them, while NSH-unaware SF nodes cannot recognize NSH messages and discard them.
  • the SFF node is a device connected to the SF service function point.
  • the SFF node is used to identify the service flow information and forward it based on the service flow information.
  • the SFC Proxy node is located between the SFF node and the NSH-unaware SF node associated with the SFF node, and is used to delete or add NSH encapsulation information for the NSH-unaware SF.
  • NSH-aware SF or SFC Proxy is used as the key node, and the vector commitment is constructed using KZG polynomial commitment, and the message header NSH in SFC is used to carry information related to the trusted path.
  • the following is an example of the format of the message header NSH that carries the trusted path related information.
• NSH is the message header that identifies the SFC protocol. NSH has a fixed format and provides an extensible optional variable-length metadata (OVLM) field; this embodiment carries the trusted path header in the OVLM.
  • FIG. 7 shows the overall encapsulation format of the data message in the business function chain scenario.
  • the data message includes the original message, transport layer encapsulation (transport encapsulation) and the network service header (NSH).
  • the original message (original packet) is the payload in the data message, and the original message carries the business data being carried.
  • the transport layer encapsulation includes the content of the transport layer protocol (such as TLS). The following is an example of the format of NSH.
  • NSH includes a 4-byte base header and a 4-byte service path header; the base header provides a basic identifier.
  • the service path header provides a path identifier and a position in the current path.
  • NSH also includes a context header.
  • the context header includes an extensible optional variable-length metadata (OVLM) field.
  • the service path header includes a service index (SI) and a service path identifier (SPI).
  • the SPI occupies 24 bits.
  • the service index (SI) indicates the current position of the data message in the forwarding path, and the SI occupies 8 bits.
  • the format of the service path header is shown in Figure 7.
• after the controller selects a trusted path and calculates the commitment C for the trusted path, the controller publicly stores the correspondence between the SPI and the commitment C in a blockchain or other distributed shared database, with the SPI serving as the primary key under which the commitment C is looked up.
  • the context header is used to carry values related to the trusted path.
  • the context header includes a commitment C and a forwarding proof p_i, etc.
  • the context header includes a metadata class field, a type field, a length field, and a variable-length metadata field.
  • Variable-length metadata is a variable-length field used to carry metadata related to a specific service or function.
  • the length field is used to indicate the length of the variable-length metadata field.
  • data related to the trusted path is carried by a variable-length metadata field, for example, four types of data, namely, commitment, forwarding proof, identity information, and relative position, are carried by a variable-length metadata field.
  • the three forwarding proof verification modes described above include real-time verification (postcard) mode, on-path verification (passport) mode, and end-point verification (final_only) mode.
• the single-point proof variant of the on-path verification mode, which offers moderate efficiency and security, is analyzed below:
• the variable-length metadata field of each data packet carries a commitment, a forwarding proof, the identifier of the previous SF node, and a list of actual sequential positions.
• the variable-length metadata field shown in (d) of FIG. 7 includes a commitment field, a P field, a SF_from field, and a real_index_list field; the fields are described below.
  • the commitment field is used to carry the commitment.
  • the P field is used to carry the forwarding proof. Both the commitment and the forwarding proof are G1 group elements of a pairing friendly curve, so the commitment field and the P field both occupy the byte length of one element (elem_length) in the message.
• pairing-friendly curves are elliptic curves with specific mathematical properties that make a pairing operation efficiently computable.
• a pairing is a bilinear map that takes a point from each of two elliptic curve groups to an element of a finite field extension (the target group G_T).
• curve_ID: BLS12-381
• elem_length: 48 bytes (one compressed G1 element). In other words, both the commitment field and the P field are 48 bytes.
  • the SF_from field is used to carry the identifier of the previous hop SF node.
• the identifier of the previous hop SF node carried by the SF_from field is in plaintext.
  • SF node_i receives the identifier of the previous hop SF node sent by the previous hop SF node_i-1, and writes the identifier of the previous hop SF node into the SF_from field.
  • SF node_i receives the identifier of the previous hop SF node from the SFC service layer, and writes the identifier of the previous hop SF node into the SF_from field.
• the SF_ident_length field indicates the length of the SF_from field, expressed in bytes, for example.
  • the real_index_list field is used to carry the actual sequential position list.
  • the real_index_list field carries the sequential position of each SF node that is a key node in the forwarding path in the actual forwarding path.
  • the real_index_list field carries the TTL of each SF node that is a key node in the forwarding path.
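An encoder and decoder for the NSH layout described above, as an added example that is not code from the patent. The base header, service path header and MD Type 2 context header follow RFC 8300; the layout of the variable-length metadata follows the field list above (commitment, P, SF_ident_length, SF_from, real_index_list). Assumptions made here: SF_ident_length is one byte, each real_index_list entry is one byte, the Metadata Class 0xfff6 and Type 0x01 are placeholder values chosen for illustration (not IANA allocations), and elem_length is the 48 bytes stated above. A packet without the trusted-path TLV is reported with `None`, so the caller can fall back to the original forwarding mechanism exactly as described for messages without a trusted path identifier; truncated headers and TLVs that overrun the NSH Length are rejected before any field is trusted.

```python
"""NSH with a trusted-path MD Type 2 context TLV (RFC 8300 layout)."""
import struct
from dataclasses import dataclass

ELEM_LENGTH = 48          # one compressed BLS12-381 G1 element (commitment and P)
MD_TYPE_2 = 0x2           # variable-length context headers
TP_MD_CLASS = 0xfff6      # constructed placeholder Metadata Class, not an IANA allocation
TP_MD_TYPE = 0x01         # constructed placeholder Type for the trusted-path TLV
NEXT_PROTO_IPV4 = 0x1     # RFC 8300 Next Protocol value for an IPv4 original packet


@dataclass
class TrustedPathMD:
    commitment: bytes        # commitment C
    proof: bytes             # P field: single-point forwarding proof OP_i
    sf_from: bytes           # identifier of the previous hop SF node, plaintext
    real_index_list: list    # actual sequential position of each key node so far


def encode_tlv(md):
    """Value: commitment | P | SF_ident_length | SF_from | real_index_list (assumed layout)."""
    if len(md.commitment) != ELEM_LENGTH or len(md.proof) != ELEM_LENGTH:
        raise ValueError("commitment and P must each be elem_length bytes")
    if not 0 < len(md.sf_from) < 256:
        raise ValueError("SF_from must fit a one-byte SF_ident_length")
    body = (md.commitment + md.proof + bytes([len(md.sf_from)]) + md.sf_from
            + bytes(md.real_index_list))
    if len(body) > 127:
        raise ValueError("MD Type 2 Length field is 7 bits")
    tlv = struct.pack("!HBB", TP_MD_CLASS, TP_MD_TYPE, len(body)) + body
    return tlv + b"\x00" * (-len(tlv) % 4)      # RFC 8300: pad TLV to a 4-byte boundary


def decode_tlv(value):
    """Inverse of encode_tlv; raises on a value too short for the fixed-size part."""
    if len(value) < 2 * ELEM_LENGTH + 1:
        raise ValueError("trusted-path TLV too short")
    c, p = value[:ELEM_LENGTH], value[ELEM_LENGTH:2 * ELEM_LENGTH]
    ident_len = value[2 * ELEM_LENGTH]
    start = 2 * ELEM_LENGTH + 1
    sf_from = value[start:start + ident_len]
    if len(sf_from) != ident_len:
        raise ValueError("SF_from truncated")
    return TrustedPathMD(c, p, sf_from, list(value[start + ident_len:]))


def build_nsh(spi, si, md, ttl=63, next_proto=NEXT_PROTO_IPV4):
    """Base header (4 B) + service path header (4 B) + one context TLV."""
    if not (0 <= spi < 2**24 and 0 <= si < 256 and 0 <= ttl < 64):
        raise ValueError("SPI is 24 bits, SI 8 bits, TTL 6 bits")
    tlv = encode_tlv(md)
    length_words = (8 + len(tlv)) // 4
    if length_words > 63:
        raise ValueError("NSH Length field is 6 bits of 4-byte words")
    # Ver(2)=0 | O(1)=0 | U(1)=0 | TTL(6) | Length(6) | U(4)=0 | MD Type(4) | Next Protocol(8)
    word0 = (ttl << 22) | (length_words << 16) | (MD_TYPE_2 << 8) | next_proto
    return struct.pack("!II", word0, (spi << 8) | si) + tlv


def parse_nsh(pkt):
    """Return (spi, si, ttl, TrustedPathMD or None). None means no trusted-path TLV:
    the key node should forward with the original mechanism and compute no proof."""
    if len(pkt) < 8:
        raise ValueError("truncated NSH base/service path header")
    word0, word1 = struct.unpack("!II", pkt[:8])
    ver, ttl = word0 >> 30, (word0 >> 22) & 0x3F
    nsh_len, md_type = ((word0 >> 16) & 0x3F) * 4, (word0 >> 8) & 0xF
    if ver != 0 or md_type != MD_TYPE_2:
        raise ValueError("unsupported NSH version or MD Type")
    if nsh_len > len(pkt) or nsh_len < 8:
        raise ValueError("NSH Length field inconsistent with packet")
    spi, si, md, off = word1 >> 8, word1 & 0xFF, None, 8
    while off + 4 <= nsh_len:
        md_class, md_t, mlen = struct.unpack("!HBB", pkt[off:off + 4])
        mlen &= 0x7F                                  # top bit is the unassigned U bit
        if off + 4 + mlen > nsh_len:
            raise ValueError("context TLV overruns NSH")
        if (md_class, md_t) == (TP_MD_CLASS, TP_MD_TYPE):
            md = decode_tlv(pkt[off + 4:off + 4 + mlen])
        off += 4 + mlen + (-mlen % 4)
    return spi, si, ttl, md


def forward_hop(pkt, new_proof, my_ident, actual_pos):
    """SF node_i's header update from the steps above: replace OP_i-1 by OP_i, write its
    own identity into SF_from, append its actual position, and decrement SI."""
    spi, si, ttl, md = parse_nsh(pkt)
    if md is None:
        raise ValueError("not a trusted-path packet")
    if si == 0:
        raise ValueError("SI exhausted")
    md = TrustedPathMD(md.commitment, new_proof, my_ident, md.real_index_list + [actual_pos])
    return build_nsh(spi, si - 1, md, ttl)
```

`forward_hop` does only the header rewrite; the proof passed in as `new_proof` is the OP_i the node computes after it has verified OP_i-1, and the verification itself is outside this block.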
  • the following example illustrates the steps performed by each node in the path verification mode in the SFC scenario.
  • the controller performs path calculation based on the network topology to determine a forwarding path of length N, which passes through N SF nodes in the service function chain.
  • the controller calculates the vector commitment based on the forwarding path.
• the controller transforms the path vector P = (r_1, r_2, ..., r_N) into N two-dimensional coordinate points <(1, r_1), (2, r_2), ..., (N, r_N)>.
  • the controller uses the following formula (1) to calculate the Lagrange interpolation polynomial f(X) of these N points.
  • x_i represents the relative position of SF node_i
  • y_i represents the identity information of SF node_i.
• the controller generates the secret s according to formula (2) to complete the secret initialization.
  • the first SF node receives the vector commitment from the controller; the first SF node constructs a new data message based on the payload data.
  • the payload field of the data message carries the payload data.
  • the first SF node uses the open function to calculate the single-point forwarding proof OP_1 of this node using the following formula (4).
  • C_T is the commitment of the auxiliary polynomial T_y(X) of order N-1.
  • the auxiliary polynomial T_y(X) is determined based on the following formula (5).
  • the first SF node uses the following formula (7) to calculate the single-point forwarding proof OP_1.
• OP_i = [T_y(s)]_1 ; Formula (7)
  • the first SF node fills the single-point forwarding proof OP_1 into the field P of NSH, fills the identity information of the first SF node into the SF_from field in NSH, and fills the vector commitment C into the commitment field in NSH to obtain data message _2.
  • the first SF node sends data message _2 to the second SF node.
  • SF node_i receives data message_i
  • data message_i contains an NSH, which carries a trusted path identifier, the identity information r_i of the SF node_i currently processing this data message, the sequence position i of SF node_i in the expected forwarding path, and the single-point forwarding proof OP_i-1 of the previous SF node.
  • the sequence position i of SF node_i in the expected forwarding path is obtained based on SI.
• SF node_i verifies the single-point forwarding proof OP_i-1 carried by the NSH of data message_i based on the identity information of the previous SF node_i-1 and the sequence position i-1 of SF node_i-1 in the expected forwarding path, thereby verifying the source of data message_i.
  • the verification method is based on checking whether the pairing in the following formula (8) is established.
  • Formula (8) is the verification formula of the forwarding proof.
• e(G_1, G_2) -> G_T is a public pairing function
• g_1 and g_2 are the generators of G_1 and G_2 (the pairing and the generators are pre-distributed public parameters)
• if SF node_i determines that the pairing equation in formula (8) does not hold, the single-point forwarding proof OP_i-1 of the previous SF node fails verification.
• if SF node_i determines that the pairing equation in formula (8) holds, the single-point forwarding proof OP_i-1 of the previous SF node passes verification.
  • SF node _i uses the identity information r_i of this node and the sequence position i of this node in the expected forwarding path as input, and uses formula (4) to calculate a new single-point forwarding proof OP_i.
  • SF node _i uses the single-point forwarding proof OP_i calculated by itself to replace the forwarding proof OP_i-1 of the previous SF node carried in the header of the data message.
  • SF node_i determines the sequential position of this node in the actual forwarding path. For example, SF node_i reads the TTL carried in the message header of the data message, and determines the sequential position of this node in the actual forwarding path based on the TTL; SF node_i fills the sequential position of this node in the actual forwarding path into the actual sequential position list carried by the NSH of the data message.
• if the verification fails, SF node_i discards the data message or outputs an alarm message.
• SRv6, a flexible protocol whose segment list carries the path information and the addresses of the nodes on the path, is suitable for implementing the multi-point proof variant of the on-path verification mode and the multi-point proof variant of the endpoint verification mode.
• the following example illustrates the steps that each node performs when applying the path verification mode in the SRv6 scenario.
• in the endpoint verification mode over SRv6, since the segment list itself carries the identity information and the relative position of each node, there is essentially no need to modify the SRv6 data plane to carry the identity information and relative position of the nodes.
• the commitment and public parameters are delivered to the tail node at the application or control level, and the tail node then verifies the forwarding path in one pass based on the information it already holds.
  • One or more forwarding nodes are usually deployed in an AS.
  • the roles of forwarding nodes deployed at different locations in the AS are different.
  • the forwarding nodes deployed at the border of an AS are used to forward service data between ASs.
  • the forwarding nodes deployed at the border of an AS are also called border network devices.
  • the forwarding nodes deployed at the border of an AS are ASBRs or PEs.
  • the forwarding nodes deployed at the borders of different ASs usually communicate across ASs based on the BGP protocol.
  • the forwarding nodes deployed at the border of an AS include the forwarding nodes deployed at the entrance of the AS and the forwarding nodes deployed at the exit of the AS.
  • the forwarding node deployed at the entrance of the AS is used to forward the service data from the outside of the AS to the inside of the AS.
  • One or more forwarding nodes can be deployed at the entrance of an AS.
  • the forwarding node deployed at the entrance of the AS is also called an entry node, such as an entry PE.
  • the entrance of AS100 is deployed with a forwarding node Q, and the forwarding node Q is used to forward the service data from the source host to the inside of AS100.
  • the entrance of AS200 is deployed with a forwarding node B, and the forwarding node B is used to forward the service data from AS100 to the inside of AS200.
  • the forwarding node deployed at the exit of the AS is used to forward the service data from inside the AS to outside the AS.
  • the forwarding node deployed at the exit of the AS is also called an exit node, for example, an exit PE.
  • the forwarding node deployed at the exit of the AS is also used to select the next AS from multiple neighboring ASs of the AS after receiving the data message, and forward the service data to the forwarding node deployed by the selected AS.
  • key node A is used to select an AS from AS200 and AS 400 as the next AS to which the service data is to be transmitted.
• verifying that each AS the data message is about to pass through or has passed through belongs to the planned expected path reduces the risk caused by the data message passing through an unexpected AS. For example, it reduces the risk of network transmission quality degradation caused by passing through an AS whose transmission quality does not meet requirements (for example, latency and packet loss rate not meeting the standards), or the security risk caused by passing through an AS whose network security does not meet requirements (for example, an AS already identified as having security risks).
  • the forwarding proof of the verified AS is obtained, and the forwarding proof of the verified AS is compared with the vector commitment to determine whether the verified AS is the expected AS and/or whether the sequential position of the verified AS is the expected sequential position, thereby realizing AS-level path verification.
  • the current AS is AS200
  • the neighbor ASs of the current AS include AS200 and AS 400
  • each AS from the source AS to the current AS includes AS100 and AS200.
  • the current AS is AS 300
  • the neighboring ASs of the current AS include AS 200 and AS 400
  • each AS from the source AS to the current AS includes AS 100, AS 200, and AS 300.
  • the forwarding node at the entrance of the current AS is responsible for calculating the forwarding proof of the previous AS of the current AS, and performing path verification on the previous AS of the current AS based on the AS-level vector commitment.
• by performing path verification on the previous AS of the current AS, the key node verifies whether the source AS of the data message is the expected AS specified by the path planner.
• the forwarding node at the entrance of the current AS is responsible for calculating the forwarding proof of the current AS, and performing path verification on the current AS based on the AS-level vector commitment.
• path verification on the current AS verifies whether the AS where the data message is currently located is the expected AS specified by the path planner.
• path verification on each AS from the source AS to the current AS verifies whether the data message has passed through an unexpected AS anywhere on the upstream part of the path.
• when selecting the next AS from the multiple neighboring ASs of the current AS, the current forwarding node performs path verification based on the identity information of the selected AS and its sequential position. If the verification fails, the selected AS is determined to be an unexpected AS and a predetermined processing action is performed, such as reselecting the next AS from the neighboring ASs until the expected AS is found, or terminating forwarding of the data message and reporting to the management plane. Because the next AS is verified before the data message is forwarded from the current AS to it (verify before forward), the risk caused by the data message entering an unexpected AS from the current AS is reduced. For example, the forwarding proof of the selected AS is determined based on the identity information and the sequential position of the selected AS, and compared with the vector commitment to verify whether the selected AS is the AS expected by the path planner.
  • the AS-level vector commitment is a vector commitment at the AS level.
  • the AS-level vector commitment indicates the correspondence between the sequential positions of at least two ASs in the expected forwarding path and the identities of at least two ASs.
  • the path planner calculates the AS-level vector commitment based on the identity information of each AS that the expected forwarding path passes through and the sequential position of each AS.
  • the path planner outputs a commitment C of length k, where k is related to the security parameter lambda.
• the expected sequential position of the verified AS indicates the sequential relationship between the verified AS and each AS that the expected forwarding path passes through.
• for example, the expected sequential position indicates that the verified AS is the n-th AS passed through in the expected forwarding path.
• for example, the expected sequential position of the verified AS is the position of the identity information of the verified AS in the AS list, where the AS list includes the identity information of the AS of each key node passed through in the expected forwarding path.
• the actual sequential position of the verified AS indicates the sequential relationship between the verified AS and each AS passed through in the actual forwarding path.
• for example, the actual sequential position indicates that the verified AS is the n-th AS passed through in the actual forwarding path.
• the identity information of the verified AS and the sequential position of the verified AS can be obtained in the following ways.
• Method 1 for obtaining the identity information and/or expected sequential position of the verified AS: the sequential position and/or identity information of the verified AS is carried in the data message.
  • the data message is extended to carry the identity information of the verified AS and/or the sequential position of the verified AS in the data message.
  • the sequential position of the current AS is carried in the data message.
  • the key node determines the expected sequential position of the verified AS based on the sequential position of the current AS and the sequential relationship between the current AS and the verified AS. For example, based on the sequential relationship between the current AS and the verified AS, the key node determines that the verified AS is the next AS of the current AS, and adds one to the sequential position of the current AS in the forwarding path to obtain the sequential position of the next AS in the forwarding path, and then performs path verification on the next AS.
  • the first data message carries an AS list
  • the key node A determines the expected sequence position of the identity information of AS200 in the AS list based on the sequence position of the identity information of AS200 in the AS list.
• the first data message carries the AS list [AS300, AS200, AS100]
• the key node A determines that the sequential position of the identity information of AS200 is 2 based on the fact that AS200 is in the second position in the AS list [AS300, AS200, AS100].
• the identity information is obtained through interaction between forwarding nodes, for example forwarding nodes in different ASs exchanging routing protocol messages.
• a border network device deployed in the verified AS generates and sends a routing protocol message to the first forwarding node, and the routing protocol message carries a first IP address and the identity information of the verified AS; the routing protocol message is, for example, a BGP message.
  • the routing protocol message carries an NLRI field and a path attribute field, and the NLRI field carries the first IP address, and the path attribute field carries the identity information of the verified AS.
  • the first forwarding node receives a routing protocol message from the verified AS; the first forwarding node obtains the first IP address and identity information of the verified AS carried in the routing protocol message.
  • the first forwarding node saves a first corresponding relationship, and the first corresponding relationship includes the first IP address and identity information of the verified AS; after the first forwarding node obtains the first data message, the first forwarding node obtains the identity information of the verified AS based on the first IP address and the first corresponding relationship.
• the interaction between the path planner and the forwarding node includes the following steps.
• Step 1: the path planner generates and sends a notification message to the first forwarding node.
• the notification message carries the path identifier, the sequential position of the verified AS, and the identity information of the verified AS.
• Step 2: the first forwarding node receives the notification message from the path planner.
• Step 3: the first forwarding node saves a second correspondence, which includes the path identifier, the sequential position of the verified AS, and the identity information of the verified AS.
• the first forwarding node saves the second correspondence in the local routing table. After the first forwarding node subsequently obtains the first data message, it obtains the sequential position and the identity information of the verified AS based on the path identifier and the second correspondence.
• Method 3: query the AS topology database to obtain the identity information and/or expected sequential position of the verified AS.
  • the format of the data message is extended, and the first data message carries the AS-level vector commitment.
  • the first data message includes an IPv6 extension header, and the IPv6 extension header carries the AS-level vector commitment.
  • the first data message includes an NSH, and the NSH carries the AS-level vector commitment.
  • the carrying position of the AS-level vector commitment in the data message can refer to the carrying position of the first vector commitment in the data message.
  • the verification node uses the verification function in the vector commitment mechanism to perform operations based on the first vector commitment, the identity information of the first forwarding node, the sequential position of the first forwarding node in the expected forwarding path, and the forwarding proof of the first forwarding node.
• if the verification node determines that the forwarding proof of the first forwarding node passes verification, this indicates that the first forwarding node is indeed the key node expected by the path planner (the expected forwarding path passes through the first forwarding node) and that the sequential position of the first forwarding node in the actual forwarding path meets the requirements of the expected forwarding path.
• if the forwarding proof of the first forwarding node fails verification, this indicates that the first forwarding node is not the key node expected by the path planner (the expected forwarding path does not pass through the first forwarding node) or that the sequential position of the first forwarding node in the actual forwarding path does not meet the requirements of the expected forwarding path.
  • Step S470 If the AS-level forwarding proof verification is passed, key node A forwards the first data message.
• when the data message carries the sequential position of the AS, key node A also updates the sequential position of the AS while forwarding the first data message, so that the next key node performs AS-level path verification based on the updated sequential position.
  • the first data message carries the sequence position of AS100
  • the key node A updates the sequence position of AS100 in the first data message to the sequence position of AS200 in the AS list to obtain the second data message; the key node A sends the second data message to the forwarding node B.
  • the first data message carries the AS-level TTL
  • the key node A also updates the AS-level TTL during the process of forwarding the first data message.
  • the expected forwarding path of a data packet passes through 5 ASs, and the header of the data packet includes a TTL field. Every time the data packet passes through an AS, the value of the TTL field in the header decreases by 1. For example, when the data packet passes through the first AS, the value carried by the TTL field in the header of the data packet is updated to 254, and when the data packet passes through the second AS, the value carried by the TTL field in the header of the data packet is updated to 253, and so on.
  • Step S480 If the AS-level forwarding proof verification fails, key node A performs a predetermined processing action.
  • the key node A also performs path verification on the reselected next-hop AS to determine whether the reselected next-hop AS is the expected AS and whether the sequence position of the reselected next-hop AS meets the requirements. For example, after the key node A reselects AS 400, it obtains the forwarding proof of AS 400 based on the identity information of AS 400 and the sequence position of AS 400, and verifies the forwarding proof of AS 400 based on the AS-level vector commitment, the identity information of AS 400, and the sequence position of AS 400.
  • the alarm information is used to indicate that the verified AS is illegal.
  • the alarm information includes the identity information of the verified AS and the sequence position of the verified AS.
  • the key node A sends the alarm information to the path planner. For example, if neither the forwarding proof of AS 200 nor the forwarding proof of AS 400 passes verification, the key node A discards the first data message and outputs the alarm information.
  • FIG11 is a schematic diagram of the structure of a forwarding proof acquisition device provided in an embodiment of the present application.
  • Device 810 is, for example, provided at forwarding node A-1, forwarding node B-2, or forwarding node C-3 in FIG1.
  • Device 810 is, for example, provided at key node 1, key node 2, key node 3, or key node 4 in FIG3.
  • Device 810 is, for example, provided at key node 1, key node 2, key node 3, or key node 4 in FIG4.
  • Device 810 is, for example, provided at key node 4 in FIG5.
  • Device 810 is, for example, provided at SF node_2, SF node_2, or proxy forwarding node_3 in FIG6.
  • the device 810 includes an acquisition unit 811 and a processing unit 812.
  • the device 810 is, for example, disposed at the key node A in FIG. 2 , and the acquisition unit 811 is used to execute S230 and S240 in the method shown in FIG. 2 ; the processing unit 812 is used to execute S250 in the method shown in FIG. 2 .
  • the device 810 also includes a sending unit 813, and the sending unit 813 is used to execute S260 in the method shown in FIG. 2 and to send data message B.
  • the device 810 is also, for example, disposed at the key node B in FIG. 2 , and the acquisition unit 811 is used to execute S320 and S340 in the method shown in FIG. 2 ; the processing unit 812 is used to execute S350 in the method shown in FIG. 2 , and the sending unit 813 is used to execute S360 in the method shown in FIG. 2 .
  • Each unit in the forwarding proof acquisition device 810 is implemented in whole or in part by software, hardware, firmware or any combination thereof.
  • the processing unit 812 and the acquisition unit 811 are implemented by software functional units generated after at least one processor 901 in FIG. 14 reads the program code stored in the memory 902 .
  • each of the above units in FIG. 11 is implemented by different hardware in the computing device, for example, the processing unit 812 is implemented by a part of the processing resources in at least one processor 901 in FIG. 14 (for example, one core or two cores in a multi-core processor), or is implemented by a field-programmable gate array (FPGA) or a programmable device such as a coprocessor.
  • the sending unit 813 is implemented by the network interface 903 in FIG. 14.
  • FIG 12 is a structural diagram of a forwarding proof verification device 820 provided in an embodiment of the present application.
  • the forwarding proof verification device 820 includes an acquisition unit 821 and a verification unit 822.
  • the device 820 is, for example, arranged at the forwarding node A-1, the forwarding node B-2 or the forwarding node C-3 in Figure 1.
  • the acquisition unit 821 is used to execute S270 in the method shown in Figure 2; the verification unit 822 is used to execute S280 in the method shown in Figure 2.
  • the device 820 is, for example, arranged at the observer (verification node) in Figure 3.
  • the device 820 is, for example, arranged at the key node 1, the key node 2, the key node 3 or the key node 4 in Figure 4.
  • the device 820 is, for example, arranged at the key node 4 in Figure 5.
  • the device 820 is, for example, arranged at the SF node_2, the SF node_2 or the proxy forwarding node_3 or the
  • the device embodiment described in FIG12 is merely illustrative.
  • the division of the above-mentioned units is only a logical function division. There may be other division methods in actual implementation, such as multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
  • Each functional unit in each embodiment of the present application may be integrated into a processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • Each unit in the verification device 820 of the forwarding certificate is fully or partially implemented by software, hardware, firmware or any combination thereof.
  • the verification unit 822 is implemented by a software functional unit generated by at least one processor 901 in FIG. 14 after reading the program code stored in the memory 902 .
  • each of the above units in FIG. 12 is implemented by different hardware in the computing device
  • the verification unit 822 is implemented by a part of the processing resources in at least one processor 901 in FIG. 14 (for example, one core or two cores in a multi-core processor), or is implemented by a field-programmable gate array (FPGA) or a programmable device such as a coprocessor.
  • the acquisition unit 821 is implemented by the network interface 903 in FIG. 14.
  • FIG13 is a schematic diagram of the structure of a forwarding proof verification device 830 provided in an embodiment of the present application.
  • the device 830 is, for example, disposed at the forwarding node A, the forwarding node B-2, or the forwarding node C-3 in FIG9 .
  • the forwarding proof verification device 830 includes an acquisition unit 831 and a processing unit 832.
  • the acquisition unit 831 is used to execute the method S430 and S440 shown in FIG10 ; the processing unit 832 is used to execute S450 and S460 in the method shown in FIG10 .
  • the device embodiment described in FIG. 13 is merely illustrative.
  • the division of the above-mentioned units is only a logical functional division. There may be other division methods in actual implementation, such as multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
  • Each functional unit in each embodiment of the present application may be integrated into a processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • Each unit in the verification device 830 of the forwarding certificate is implemented in whole or in part by software, hardware, firmware or any combination thereof.
  • the acquisition unit 831 and the processing unit 832 are implemented by software functional units generated after at least one processor 901 in FIG. 14 reads the program code stored in the memory 902 .
  • each of the above units in FIG. 13 is implemented by different hardware in the computing device, for example, the processing unit 832 is implemented by a part of the processing resources in at least one processor 901 in FIG. 14 (for example, one core or two cores in a multi-core processor), or is implemented by a field-programmable gate array (FPGA) or a programmable device such as a coprocessor.
  • the acquisition unit 831 is implemented by the network interface 903 in FIG. 14.
  • the device 900 includes at least one processor 901 , a memory 902 , and at least one network interface 903 .
  • the device 900 is, for example, a SF node_2, a SF node_2, or a proxy forwarding node_3 in FIG. 6.
  • the device 900 is, for example, a forwarding node A, a forwarding node B-2, or a forwarding node C-3 in FIG. 9.
  • the device 900 is, for example, the key node A in Figure 2; the network interface 903 is used to execute S230 in the method shown in Figure 2, and the processor 901 is used to execute S240 and S250 in the method shown in Figure 2.
  • the network interface 903 is used to execute S260 in the method shown in Figure 2 and send data message B.
  • the device 900 is also, for example, the key node B in Figure 2, and the network interface 903 is used to execute S320 in the method shown in Figure 2.
  • the processor 901 is used to execute S340 and S350 in the method shown in Figure 2, and the network interface 903 is used to execute S360 in the method shown in Figure 2.
  • the device 900 is also, for example, the verification node in Figure 2, and the network interface 903 is used to execute S270 in the method shown in Figure 2.
  • the processor 901 is used to execute S280 in the method shown in Figure 2.
  • the device 900 is also, for example, the key node A in Figure 10; the processor 901 is used to execute S440, S450 and S460 in the method shown in Figure 10, and the network interface 903 is used to execute S430 in the method shown in Figure 10.
  • the processor 901 is also used to instruct the network interface 903 to execute S470 or S480 in the method shown in Figure 10.
  • the processor 901 is, for example, a general-purpose central processing unit (CPU), a network processor (NP), a graphics processing unit (GPU), a neural-network processing unit (NPU), a data processing unit (DPU), a microprocessor, or one or more integrated circuits for implementing the solution of the present application.
  • the processor 901 includes an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof.
  • the PLD is, for example, a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), a generic array logic (GAL), or any combination thereof.
  • the memory 902 is, for example, a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a random access memory (RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disk storage, optical disk storage (including compressed optical disk, laser disk, optical disk, digital versatile disk, Blu-ray disk, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store the desired program code in the form of instructions or data structures and can be accessed by a computer, but is not limited thereto.
  • the memory 902 exists independently and is connected to the processor 901 through the internal connection 904.
  • the memory 902 and the processor 901 are optionally integrated together.
  • the network interface 903 uses any transceiver-like device for communicating with other devices or communication networks.
  • the network interface 903 includes, for example, at least one of a wired network interface or a wireless network interface.
  • the wired network interface is, for example, an Ethernet interface.
  • the Ethernet interface is, for example, an optical interface, an electrical interface, or a combination thereof.
  • the wireless network interface is, for example, a wireless local area network (WLAN) interface, a cellular network interface, or a combination thereof.
  • the device 900 further includes an input-output interface 906.
  • the input-output interface 906 is connected to the internal connection 904.
  • the processor 901 implements the method in the above embodiment by reading the program code stored in the memory 902, or the processor 901 implements the method in the above embodiment by the program code stored internally.
  • the memory 902 stores the program code 910 that implements the method provided in the embodiment of the present application.
  • A refers to B, which means that A is the same as B or A is a simple variant of B.
  • first and second in the description and claims of the embodiments of the present application are used to distinguish different objects, rather than to describe a specific order of objects, and cannot be understood as indicating or implying relative importance.
  • first forwarding proof and the second forwarding proof are used to distinguish different forwarding proofs, rather than to describe a specific order of forwarding proofs, and cannot be understood as the first forwarding proof being more important than the second forwarding proof.
  • The information (including but not limited to user device information and user personal information), data (including but not limited to data used for analysis, stored data and displayed data) and signals involved in the embodiments of this application are all authorized by the user or fully authorized by all parties, and the collection, use and processing of the relevant data must comply with the relevant laws, regulations and standards of the relevant countries and regions.
  • the identity information involved in this application is obtained with full authorization.
  • multiple forwarding nodes means two or more forwarding nodes.
  • the above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof.
  • When implemented using software, the embodiments may be implemented in whole or in part in the form of a computer program product.
  • the computer program product includes one or more computer instructions.
  • the computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable device.
  • the computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium.
  • the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means.
  • the computer-readable storage medium may be any available medium that a computer can access or a data storage device such as a server or data center that includes one or more available media integrated therein.
  • the available medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a tape), an optical medium (e.g., a DVD), or a semiconductor medium (e.g., a solid-state drive Solid State Disk (SSD)), etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present application belongs to the field of network security. Provided are a method and apparatus for acquiring a forwarding proof, and a method and apparatus for verifying a forwarding proof. In the present application, a forwarding proof is obtained in view of an expected sequential position of a forwarding node on a forwarding path and the identity of the forwarding node, thereby realizing the position binding of the forwarding proof and the fault tolerance for non-critical nodes. The forwarding proof is not only related to the identity of the forwarding node, but is also related to the expected sequential position of the forwarding node. Only when a data packet is forwarded to a correct sequential position on the forwarding path can a node having correct identity calculate a correct forwarding proof, such that the forwarding proof and the actual forwarding condition of the data packet are strongly bound. If an expected node is skipped or redundant unexpected nodes are passed by during a forwarding process, the identities of the nodes no longer match the sequential positions of the nodes; therefore, forwarding proofs obtained on the basis of the identities of the nodes and the sequential positions of the nodes cannot pass verification, thus improving the credibility of the forwarding proofs.

Description

Method for obtaining a forwarding proof, and method and apparatus for verifying a forwarding proof

This application claims priority to the Chinese patent application filed with the State Intellectual Property Office on January 16, 2024, with application number 202410067738.3 and entitled "Method for obtaining forwarding proof, and method and apparatus for verifying forwarding proof", the entire contents of which are incorporated herein by reference.

Technical Field

The present application relates to the field of network security, and in particular to a method for obtaining a forwarding proof, and a method and apparatus for verifying a forwarding proof.

Background Art

A forwarding proof is data generated while a data packet is being forwarded, used to verify how the packet was actually forwarded. Forwarding proofs help reduce the probability of a data packet being tampered with or forged during forwarding, thereby improving the transmission security of data packets.

Currently, if a data packet is not forwarded hop by hop along the specified path, but instead skips nodes on the forwarding path or passes through redundant, unspecified nodes, the forwarding proof obtained in such a scenario can still pass verification with a certain probability, which shows that the credibility of the forwarding proof is insufficient.

Summary of the Invention

The embodiments of the present application provide a method for obtaining a forwarding proof, a method for verifying a forwarding proof, and an apparatus, which can improve the credibility of the forwarding proof. The technical solution is as follows.

In a first aspect, a method for obtaining a forwarding proof is provided: a first forwarding node obtains a first data packet, where at least two key nodes corresponding to the first data packet include the first forwarding node, and a key node is a forwarding node on the expected forwarding path determined by a path planner for the first data packet; the first forwarding node obtains its sequential position in the expected forwarding path and its identity information, where the sequential position of the first forwarding node in the expected forwarding path differs from its sequential position in the actual forwarding path of the first data packet, and the identity information indicates the identity of the first forwarding node; the first forwarding node obtains its forwarding proof based on its sequential position in the expected forwarding path and its identity information, and the forwarding proof is used to prove that the first forwarding node forwards the first data packet at that sequential position in the expected forwarding path.

Based on the method provided in the first aspect, since the forwarding proof is obtained by combining the sequential position of the forwarding node in the expected forwarding path with the identity information of the forwarding node, the forwarding proof is related not only to the identity of the forwarding node but also to its sequential position in the expected forwarding path. On this basis, the forwarding proof can verify whether the identity of the forwarding node is correct (for example, whether it is a forwarding node that the path planner expects the service data to pass through) and whether the sequential position of the forwarding node is correct (for example, whether the order of the forwarding nodes matches the order in which the path planner expects the service data to pass through them). For example, if a key node in the expected forwarding path is skipped during forwarding, or an extra unspecified node that is not in the expected forwarding path is traversed, the identity information of the key node no longer matches its sequential position, so the forwarding proof obtained from the identity information and the sequential position of the key node cannot pass verification, which improves the credibility of the forwarding proof.

In particular, when the sequential position of a forwarding node in the expected forwarding path differs from its sequential position in the actual forwarding path, the forwarding proof is obtained using the sequential position in the expected forwarding path rather than the sequential position in the actual forwarding path, so that the sequential position on which the forwarding proof is based is consistent with the sequential position on which the vector commitment is based; path verification is thereby made fault tolerant. For example, data packets are allowed to pass through some non-key nodes (such as old equipment, equipment with weak capabilities, or equipment produced by third-party network vendors) during actual transmission, reducing the risk that key nodes downstream of the non-key nodes interrupt service data transmission or raise alarms because forwarding proof verification fails.

Based on the method provided in the first aspect, in some embodiments the at least two key nodes also include a second forwarding node, which is a key node located upstream of the first forwarding node in the expected forwarding path, and the first forwarding node obtaining its forwarding proof based on its sequential position in the expected forwarding path and its identity information includes: the first forwarding node obtains its forwarding proof based on its own sequential position in the expected forwarding path and its own identity information together with the sequential position of the second forwarding node in the expected forwarding path and the identity information of the second forwarding node, where the identity information of the second forwarding node indicates the identity of the second forwarding node, and the forwarding proof of the first forwarding node is used to prove that the first forwarding node and the second forwarding node are each at their corresponding sequential positions in the expected forwarding path.

Since the forwarding proof is obtained from the expected sequential positions and the identities of multiple key nodes, the resulting proof can verify in one pass whether multiple key nodes are each at their corresponding sequential positions in the expected forwarding path; batch processing improves the overall verification performance of the forwarding path and saves the time spent computing and verifying proofs. In addition, this approach makes the time spent obtaining forwarding proofs grow much less than linearly with the number of key nodes, so it is better suited to large-scale networks and improves scalability.

Based on the method provided in the first aspect, in some implementations the first forwarding node is the last key node in the expected forwarding path, and the second forwarding node includes all key nodes in the expected forwarding path other than the first forwarding node.

By combining the sequential position and identity of every node from the first key node to the local end of the forwarding path to obtain the forwarding proof, the sequential position and identity information of every key node the packet has passed on the actual forwarding path can be verified in one pass, which reduces time and computing costs, improves verification efficiency, and makes the verification more complete.

Based on the method provided in the first aspect, in some embodiments the method also includes: the first forwarding node obtains its sequential position in the actual forwarding path from the first data packet; the first forwarding node sends its forwarding proof and its sequential position in the actual forwarding path to the verification node.

Since the key node sends its own sequential position in the actual forwarding path to the verification node, the verification node can learn the sequential position of the key node in the actual forwarding path, which makes non-key nodes recordable. For example, if the sequential positions of two adjacent key nodes in the actual forwarding path are not consecutive, the verification node determines that a non-key node lies between the two key nodes; from the difference between the sequential positions of the two adjacent key nodes in the actual forwarding path, the verification node determines how many non-key nodes lie between them.

In addition, since the sequential positions on the actual forwarding path are recorded by the key nodes, non-key nodes are not required to perform any action beyond forwarding, yet their existence is still recorded indirectly, which improves compatibility.

Based on the method provided in the first aspect, in some embodiments the verification node includes a third forwarding node, which is a key node located downstream of the first forwarding node in the expected forwarding path, and the first forwarding node sending its forwarding proof and its sequential position in the actual forwarding path to the verification node includes: the first forwarding node obtains a second data packet from the first data packet, its forwarding proof and its sequential position in the actual forwarding path, where the second data packet includes the payload of the first data packet, the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path; the first forwarding node sends the second data packet to the third forwarding node.

Since the actual sequential position and the forwarding proof are carried in the same data packet sent to the key node downstream on the forwarding path, the actual sequential position of the key node travels together with the service data, that is, the actual sequential position is transmitted in band. In the mode where a key node also serves as the verification node (observer), there is no need to construct separate data packets to transmit the actual sequential position and the forwarding proof, so the overall transmission overhead is small, and the verification node obtains both the actual sequential position and the forwarding proof of the key node by parsing a single data packet, which is also more efficient.

Based on the method provided in the first aspect, in some embodiments the first data packet includes a first position list, which includes the sequential positions in the actual forwarding path of the key nodes located upstream of the first forwarding node in the expected forwarding path, and the second data packet includes a second position list, which includes the first position list together with the sequential position of the first forwarding node in the actual forwarding path.

Since the data packet carries a list of the sequential positions of the upstream key nodes in the actual forwarding path, each key node only needs to append its own sequential position in the actual forwarding path to the list already carried in the packet; the packet then carries the sequential position in the actual forwarding path of every key node it has passed, the actual sequential positions it carries are more complete, and the risk of omitting the actual sequential position of a key node that was passed but not recorded is reduced.
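The following is an added example, not the patent's construction, modelling the first aspect together with the non-key-node recording and position-list embodiments above. Assumptions not stated on the page: the vector commitment is a Merkle tree over H(expected position || identity) leaves, a node's forwarding proof is its Merkle membership proof, identities are short strings, and every node (key or not) increments a per-packet hop counter that serves as the actual sequential position.

```python
# Added example (toy model, not the patent's construction): position-bound forwarding
# proofs with a Merkle tree standing in for the vector commitment (assumption).
import hashlib
from dataclasses import dataclass, field


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()


def leaf(pos: int, identity: str) -> bytes:
    # The leaf binds the *expected* sequential position to the node identity.
    return H(b"leaf", str(pos).encode(), identity.encode())


def build_tree(leaves):
    """Merkle levels, bottom-up; an odd level duplicates its last hash."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        if len(lvl) % 2:
            lvl = lvl + [lvl[-1]]
        levels.append([H(b"node", lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels


def commit(expected_path):
    """Path planner: commitment (Merkle root) to the ordered list of key node identities."""
    return build_tree([leaf(p, i) for p, i in enumerate(expected_path)])[-1][0]


def forwarding_proof(expected_path, pos):
    """Key node: membership proof for the (expected position, identity) leaf at pos."""
    levels = build_tree([leaf(p, i) for p, i in enumerate(expected_path)])
    proof, idx = [], pos
    for lvl in levels[:-1]:
        if len(lvl) % 2:
            lvl = lvl + [lvl[-1]]
        proof.append((idx & 1, lvl[idx ^ 1]))  # (am I the right child?, sibling hash)
        idx //= 2
    return proof


def verify_forwarding_proof(root, pos, identity, proof):
    """Verifier recomputes the leaf from the claimed position and identity, then climbs."""
    node = leaf(pos, identity)
    for is_right, sib in proof:
        node = H(b"node", sib, node) if is_right else H(b"node", node, sib)
    return node == root


@dataclass
class Packet:
    hop: int = 0  # actual sequential position: incremented by every forwarding node
    # In-band position list: (identity, expected_pos, actual_pos, proof) per key node.
    position_list: list = field(default_factory=list)


def forward_non_key(pkt):
    """Legacy or third-party node: forwards only, records nothing."""
    pkt.hop += 1


def forward_key(pkt, expected_path, identity, claimed_pos=None):
    """Key node: proof over its expected position, while recording its actual hop index."""
    pos = expected_path.index(identity) if claimed_pos is None else claimed_pos
    pkt.position_list.append((identity, pos, pkt.hop, forwarding_proof(expected_path, pos)))
    pkt.hop += 1


def verify_packet(root, pkt, expected_count):
    """Verification node: (ok, reason, non-key nodes traversed before each key node)."""
    entries = pkt.position_list
    # Every expected key node must appear exactly once, in expected order; a skipped
    # or reordered key node is caught here before any proof is checked.
    if [e[1] for e in entries] != list(range(expected_count)):
        return False, "expected key node skipped or out of order", []
    prev_actual, gaps = -1, []
    for identity, pos, actual, proof in entries:
        if not verify_forwarding_proof(root, pos, identity, proof):
            return False, f"bad proof for {identity} at expected position {pos}", []
        if actual <= prev_actual:
            return False, "actual positions not increasing", []
        gaps.append(actual - prev_actual - 1)  # discontinuity = tolerated non-key hops
        prev_actual = actual
    return True, "ok", gaps


EXPECTED_PATH = ["A", "B", "C"]  # constructed sample: three key nodes chosen by the planner


def run_scenario(actions):
    """actions: ('key', identity[, claimed_pos]) or ('nonkey',), in actual forwarding order."""
    root, pkt = commit(EXPECTED_PATH), Packet()
    for act in actions:
        if act[0] == "nonkey":
            forward_non_key(pkt)
        else:
            forward_key(pkt, EXPECTED_PATH, *act[1:])
    return verify_packet(root, pkt, len(EXPECTED_PATH))


if __name__ == "__main__":
    # Non-key nodes in between are tolerated and counted; skipping B, or an unexpected
    # identity X sitting at B's expected position, is rejected.
    print(run_scenario([("key", "A"), ("nonkey",), ("key", "B"), ("nonkey",), ("nonkey",), ("key", "C")]))
    print(run_scenario([("key", "A"), ("key", "C")]))
    print(run_scenario([("key", "A"), ("key", "X", 1), ("key", "C")]))
```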

Based on the method provided in the first aspect, in some embodiments, the second data packet includes an Internet Protocol version 6 (IPv6) extension header, and the IPv6 extension header includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path. In an IPv6 scenario, carrying the forwarding proof and the actual sequential position in the IPv6 extension header makes it possible to prove whether a data flow passes through the expected IPv6 nodes in the expected order.

Based on the method provided in the first aspect, in some embodiments, the second data packet includes a network service header (NSH), the NSH includes a metadata field, and the metadata field includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path.

In a service function chaining (SFC) scenario, carrying the forwarding proof and the actual sequential position in the NSH, which is specific to SFC, makes it possible to prove whether a data flow passes through the expected service functions (SFs) in the expected order and to record whether the data flow passed through an unexpected SF, which helps each SF process traffic in order and as required.

Based on the method provided in the first aspect, in some embodiments, the second data packet includes a multi-protocol label switching (MPLS) header, and the MPLS header includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path.

In an MPLS scenario, carrying the forwarding proof and the actual sequential position in the MPLS header makes it possible to prove whether a data flow passes through the expected MPLS nodes in the expected order (for example, the order indicated by the MPLS label stack). This suits scenarios such as communication based on the MPLS protocol, provides a mechanism for verifying the source of data in an MPLS network, and makes it easy to verify whether data packets are forwarded in the order specified by the MPLS tunnel.

Based on the method provided in the first aspect, in some embodiments, the second data packet includes a Virtual Extensible LAN (VxLAN) header, and the VxLAN header includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path. In a VxLAN scenario, this applies to virtualized networks based on the VxLAN protocol, cross-data-center interconnection and similar scenarios, provides the ability to verify the source of data within a VxLAN tunnel, and makes it easy to verify whether data packets are forwarded in the order specified by the VxLAN tunnel.

Based on the method provided in the first aspect, in some embodiments, the second data packet includes an Internet Protocol Security (IPsec) header, and the IPsec header includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path. This applies to network scenarios based on the IPsec protocol, provides the ability to verify the source of data within an IPsec tunnel, and makes it easy to verify whether the forwarding path actually taken by the data packet matches the pre-planned IPsec tunnel.

Based on the method provided in the first aspect, in some embodiments, the IPv6 extension header includes a segment routing header (SRH), the SRH includes a type-length-value (TLV), and the TLV of the SRH includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path. This applies to SRv6 scenarios and makes it easy to verify whether the forwarding path actually taken by the data packet matches the pre-planned segment list.

Based on the method provided in the first aspect, in some embodiments, the IPv6 extension header includes an application-aware networking (APN) header, the APN header includes an application-aware networking identifier (APN ID), and the APN ID includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path. This applies to APN6 scenarios and makes it easy to verify whether the forwarding path actually taken by the data packet matches the forwarding path pre-planned in the APN network.

Based on the method provided in the first aspect, in some embodiments, the IPv6 extension header includes a destination options header (DOH), the DOH includes a TLV, and the TLV of the DOH includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path.

Based on the method provided in the first aspect, in some embodiments, the IPv6 extension header includes a hop-by-hop options header (HBH), the HBH includes a TLV, and the TLV of the HBH includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path.

Based on the method provided in the first aspect, in some embodiments, the first forwarding node sending its forwarding proof and its sequential position in the actual forwarding path to the verification node includes: the first forwarding node generates a notification message that includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path, and the first forwarding node sends the notification message to the verification node.

By constructing a separate message to report the actual sequential position and the forwarding proof of a key node, the verification node can infer from the received sequential positions of the key nodes in the actual forwarding path whether the actual forwarding path contains non-key nodes, and how many, so that non-key nodes become recordable. In addition, because any key node can send its forwarding proof and actual sequential position to the verification node as soon as it receives the data packet, the verification node can verify forwarding proofs and record actual sequential positions in real time instead of waiting until the data packet reaches the last key node; this gives real-time, transparent tracking of the transmission and a smaller attack window.

Based on the method provided in the first aspect, in some embodiments, the notification message includes a Network Configuration Protocol (NETCONF) message, and the NETCONF message includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path.

The above supports scenarios in which a management-plane protocol carries the forwarding proof and the actual sequential position.

The notification message includes a Hypertext Transfer Protocol (HTTP) message, and the payload field of the HTTP message includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path.

The above supports scenarios in which a data-plane protocol carries the forwarding proof and the actual sequential position.

Based on the method provided in the first aspect, in some embodiments, the first data packet includes a segment list, the segment list includes the segment identifier (SID) of the first forwarding node, and the first forwarding node obtaining its sequential position in the expected forwarding path includes: the first forwarding node obtains its sequential position in the expected forwarding path from the sequential position of its SID in the segment list.

This provides a fast, efficient, data-plane way of obtaining the expected sequential position. Because the forwarding node can derive the expected sequential position from the segment list carried in the received data packet, it does not need to configure and store a large number of table entries for that purpose, which reduces both the storage overhead of holding expected sequential positions in advance and the performance overhead of table lookups to determine them.

Based on the method provided in the first aspect, in some embodiments, the first data packet includes a path identifier, and the first forwarding node obtaining its sequential position in the expected forwarding path includes: the first forwarding node obtains its sequential position in the expected forwarding path from the path identifier and a correspondence stored by the first forwarding node, the correspondence including the path identifier and the sequential position of the first forwarding node in the expected forwarding path.

This obtains the expected sequential position by combining a path identifier carried in the data plane with a correspondence provided by the control plane. Because the data packet does not need to carry the expected sequential position of every key node, the transmission overhead of the data packet is further reduced while path verification is still supported.

Based on the method provided in the first aspect, in some embodiments, before the first forwarding node obtains the first data packet, the method further includes: the first forwarding node receives, from the path planner, the sequential position of the first forwarding node in the expected forwarding path.

Because the path planner distributes the sequential positions in the expected forwarding path before the data packet is forwarded, the forwarding node learns its expected sequential position without the data packet having to carry the expected sequential position of every key node, which further reduces the transmission overhead of the data packet while path verification is still supported.

Based on the method provided in the first aspect, in some embodiments, the first forwarding node obtaining the first data packet includes: the first forwarding node receives the first data packet from a second forwarding node, the second forwarding node being a key node located upstream of the first forwarding node in the forwarding path, and the first data packet including the forwarding proof of the second forwarding node; the method further includes: the first forwarding node verifies the forwarding proof of the second forwarding node based on a first vector commitment, the identity information of the second forwarding node and the sequential position of the second forwarding node in the expected forwarding path, where the first vector commitment indicates the correspondence between the sequential positions of at least two key nodes in the expected forwarding path and the identities of those key nodes, and the at least two key nodes include the second forwarding node.

By verifying the forwarding proof of the previous forwarding node, a node can confirm whether the previous forwarding node's sequential position is the expected one and whether the previous forwarding node is the expected node, that is, it can verify the correctness of the previous hop as the source. In network attack scenarios such as route hijacking, route injection and traffic detour, if an attacker redirects traffic onto a path of the attacker's choosing, the forwarding proof fails verification, so the attack on the data packets is discovered promptly and the risk of an incorrect data source is reduced. Moreover, because each node's verification builds on the verification done at the previous hop, the hops form a continuous verification chain, which lowers the probability that any node on the forwarding path impersonates another, spoofs or tampers with the packet, and improves network security.

Based on the method provided in the first aspect, in some embodiments, the path planner is the source host that generates the payload data of the first data packet, or the path planner is the first forwarding device in the expected forwarding path.

This supports both path computation at the source terminal and path computation at the head node on the network side, so it applies to more scenarios.

In a second aspect, a method for verifying a forwarding proof is provided. The method includes:

The verification node obtains the forwarding proof of a first forwarding node, a first vector commitment, the identity information of the first forwarding node and the sequential position of the first forwarding node in the expected forwarding path, where the first vector commitment indicates the correspondence between the sequential positions of at least two key nodes in the expected forwarding path and the identities of those key nodes, the at least two key nodes include the first forwarding node, the identity information of the first forwarding node indicates its identity, and the forwarding proof of the first forwarding node is used to prove that the first forwarding node occupies its sequential position in the expected forwarding path; the verification node verifies the forwarding proof of the first forwarding node based on the first vector commitment, the identity information of the first forwarding node and the sequential position of the first forwarding node.

Because the forwarding proof is verified by combining the vector commitment with the expected sequential position and the identity information of the key node, if a key node in the expected forwarding path is skipped during forwarding, or an extra, unspecified node not in the expected forwarding path is traversed, the identity information and the sequential position of the key node no longer match, so a forwarding proof derived from that identity information and sequential position fails verification; this raises the trustworthiness of the forwarding proof.

Furthermore, in many source-address-based or centralized path computation routing technologies, network attacks such as route hijacking, route injection and traffic detour, or misconfigured network devices, can cause the actual forwarding path in the data plane to deviate from the expected forwarding path of the control plane. The above method verifies whether service data is actually forwarded along the expected forwarding path, which helps resolve inconsistencies between the expected forwarding path determined by the control plane and the actual forwarding path in the data plane.

In particular, when a forwarding node's sequential position in the expected forwarding path differs from its sequential position in the actual forwarding path, the forwarding proof is derived from the expected sequential position rather than the actual one, so the sequential position underlying the forwarding proof is the same as the one underlying the vector commitment; this makes path verification fault tolerant. For example, the data packet may pass through some non-key nodes (such as legacy devices, devices with limited capabilities or devices from third-party network vendors) during actual transmission, which lowers the risk that a key node downstream of a non-key node interrupts service data transmission or raises an alarm because the forwarding proof fails verification.

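The chain verification at each key node, the segment-list lookup of the expected position, the accumulated position list and the verification node's tolerance of non-key nodes (first and second aspects above), as an added example that is not part of the patent: the vector commitment is instantiated as a Merkle tree over (expected position, identity) leaves, which is an assumption since the patent fixes no commitment scheme, and the node names, hop counter and the Packet and Record layouts are constructed for the simulation.

```python
import hashlib
from dataclasses import dataclass, field

def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def _leaf(position: int, identity: str) -> bytes:
    # A leaf binds an expected position to the identity of the key node planned there.
    return _h(position.to_bytes(2, "big"), identity.encode())

class MerkleVectorCommitment:
    """Commitment to the vector of key-node identities ordered by expected position.
    Assumption: the patent fixes no commitment scheme; a Merkle tree is used here."""

    def __init__(self, identities):
        self.levels = [[_leaf(i, ident) for i, ident in enumerate(identities)]]
        while len(self.levels[-1]) > 1:
            lvl = self._padded(self.levels[-1])
            self.levels.append([_h(lvl[k], lvl[k + 1]) for k in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]

    @staticmethod
    def _padded(lvl):
        return lvl + [lvl[-1]] if len(lvl) % 2 else lvl  # duplicate last hash on odd levels

    def open(self, position: int):
        """Forwarding proof for the key node planned at `position`: its sibling path."""
        proof, idx = [], position
        for lvl in self.levels[:-1]:
            lvl = self._padded(lvl)
            proof.append((lvl[idx ^ 1], idx & 1))  # (sibling hash, node is right child?)
            idx //= 2
        return proof

def verify_proof(root: bytes, position: int, identity: str, proof) -> bool:
    """True iff `identity` is committed at expected `position` under `root`."""
    node = _leaf(position, identity)
    for sibling, is_right in proof:
        node = _h(sibling, node) if is_right else _h(node, sibling)
    return node == root

@dataclass
class Record:          # what one key node adds to the packet (constructed layout)
    identity: str
    expected_pos: int  # index of its SID in the segment list
    actual_pos: int    # its hop number on the actual path (the position-list entry)
    proof: list

@dataclass
class Packet:
    segment_list: list                # expected path: the SIDs of the key nodes, in order
    records: list = field(default_factory=list)

def key_node_process(node_id: str, hop: int, pkt: Packet, planner_root: bytes):
    """Per-hop logic of a key node: verify the previous key node's proof against the
    planner's commitment (chain verification), then append its own proof and position."""
    if pkt.records:
        prev = pkt.records[-1]
        if not verify_proof(planner_root, prev.expected_pos, prev.identity, prev.proof):
            raise ValueError(f"{node_id}: upstream proof of {prev.identity} rejected")
    expected_pos = pkt.segment_list.index(node_id)   # from the segment list, no lookup table
    vc = MerkleVectorCommitment(pkt.segment_list)    # rebuilt from the carried segment list
    pkt.records.append(Record(node_id, expected_pos, hop, vc.open(expected_pos)))

def forward(segment_list, actual_path, planner_root: bytes) -> Packet:
    """Simulate forwarding along `actual_path` (constructed); a node absent from the
    segment list is a non-key node and forwards the packet without touching it."""
    pkt = Packet(segment_list=list(segment_list))
    for hop, node in enumerate(actual_path, start=1):
        if node in segment_list:
            key_node_process(node, hop, pkt, planner_root)
    return pkt

def verification_node_check(pkt: Packet, planner_root: bytes):
    """Final check: all key nodes present in order, every proof valid, actual positions
    increasing; returns (True, number of non-key nodes traversed) or (False, reason)."""
    n = len(pkt.segment_list)
    if [r.expected_pos for r in pkt.records] != list(range(n)):
        return False, "key node skipped, duplicated or out of order"
    for r in pkt.records:
        if not verify_proof(planner_root, r.expected_pos, r.identity, r.proof):
            return False, f"proof of {r.identity} at position {r.expected_pos} invalid"
    actual = [r.actual_pos for r in pkt.records]
    if actual != sorted(set(actual)):
        return False, "actual positions not strictly increasing"
    # Gaps between consecutive key-node positions are the non-key nodes in between.
    return True, actual[-1] - actual[0] + 1 - n

if __name__ == "__main__":
    path = ["R1", "R2", "R3", "R4"]
    root = MerkleVectorCommitment(path).root       # distributed by the path planner
    print(verification_node_check(forward(path, ["R1", "X", "R2", "R3", "R4"], root), root))
    print(verification_node_check(forward(path, ["R1", "R3", "R4"], root), root))
    print(verify_proof(root, 1, "EVIL", MerkleVectorCommitment(path).open(1)))
```

The non-key node X is tolerated and counted, the skipped R2 is detected from the missing expected position, and a node at position 1 with an identity other than R2 cannot produce a proof that matches the planner's root.
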
Based on the method provided in the second aspect, in some embodiments, the at least two key nodes further include a second forwarding node, the second forwarding node being a key node located upstream of the first forwarding node in the expected forwarding path, and the verification node verifying the forwarding proof of the first forwarding node based on the first vector commitment, the identity information of the first forwarding node and the sequential position of the first forwarding node in the expected forwarding path includes:

The verification node verifies the forwarding proof of the first forwarding node based on the first vector commitment, the sequential position of the first forwarding node in the expected forwarding path, the identity information of the first forwarding node, the sequential position of the second forwarding node in the expected forwarding path and the identity information of the second forwarding node, where the identity information of the second forwarding node indicates its identity, and the forwarding proof of the first forwarding node is used to prove that both the first forwarding node and the second forwarding node occupy their respective sequential positions in the expected forwarding path.

Because the forwarding proof is verified against the expected sequential positions and identities of several key nodes at once, whether each of those key nodes occupies its sequential position in the expected forwarding path can be checked in a single operation; this batch processing improves the verification performance of the whole forwarding path and saves the time spent computing and verifying proofs. It also means the time needed to obtain forwarding proofs grows far less than linearly with the number of key nodes, which suits large-scale networks and improves scalability.

Based on the method provided in the second aspect, in some embodiments, the verification node obtaining the forwarding proof of the first forwarding node includes: the verification node receives the forwarding proof of the first forwarding node from the first forwarding node.

In a third aspect, a method for verifying a forwarding proof is provided. The method further includes: a first forwarding node obtains a first data packet, the first forwarding node being deployed at the border of a first autonomous system (AS); the first forwarding node obtains the forwarding proof of a verified AS based on the sequential position of the verified AS and the identity information of the verified AS, the identity information of the verified AS indicating the identity of the verified AS; and the first forwarding node verifies the forwarding proof of the verified AS based on a second vector commitment, the sequential position of the verified AS and the identity information of the verified AS, the second vector commitment indicating the correspondence between the identity information and the sequential position of each of at least two ASes.

Because the forwarding proof of the verified AS is obtained from the identity information and the sequential position of the verified AS and compared with the vector commitment, it can be determined whether the verified AS is the expected AS and/or whether its sequential position is the expected one, which gives AS-level path verification. In cross-AS transmission, it can be verified whether an AS the data packet is about to enter, or has already passed through, belongs to the ASes on the planned expected path, which lowers the risk of the data packet traversing an unexpected AS. For example, it lowers the risk of degraded transmission quality caused by traversing an AS whose transmission quality does not meet requirements (for example, delay or packet loss rate out of specification), and the security risk caused by traversing an AS whose security does not meet requirements (for example, an AS already identified as a security risk).

Based on the method provided in the third aspect, in some embodiments, the verified AS includes at least one of: a neighbor AS of the first AS, the first AS, or each AS from the source AS to the first AS; the neighbor AS includes the previous AS of the first AS in the actual forwarding path of the first data packet and/or the next AS of the first AS on the reachable path to the destination IP address of the first data packet; the source AS is the AS that communicates with the source host, and the source host is the device that generates the payload data of the first data packet.

By obtaining and verifying the forwarding proof of the next AS, the sequential position and identity of the AS to which the data packet may be forwarded next are verified before the packet is actually forwarded, which lowers the security risk to service data transmission from the data packet entering an unexpected AS.

By obtaining and verifying the forwarding proof of the previous AS, it can be verified whether the data packet came from an AS with an unexpected sequential position and/or identity, which strengthens the security of data packets in cross-AS transmission.

Based on the method provided in the third aspect, in some embodiments, the sequential position of the verified AS includes the expected sequential position of the verified AS or the actual sequential position of the verified AS; the expected sequential position indicates the order relationship between the verified AS and the ASes traversed by the expected forwarding path of the first data packet, and the actual sequential position indicates the order relationship between the verified AS and the ASes traversed by the actual forwarding path of the first data packet.

Using the expected sequential position of the verified AS for path verification allows an unexpected AS to be inserted between two expected ASes on the actual forwarding path, which provides AS-level fault tolerance on top of AS-level path verification.

Using the actual sequential position of the verified AS for path verification makes it possible to check whether the identity and sequential position of every AS on the actual forwarding path exactly match those of every AS on the expected forwarding path, which gives stricter AS-level path verification.

Based on the method provided in the third aspect, in some embodiments, the verified AS includes a neighbor AS of the first AS, the first data packet carries the actual sequential position of the first AS, and the actual sequential position of the verified AS is obtained from the actual sequential position of the first AS and the order relationship between the first AS and the verified AS.

This provides a fast, efficient, data-plane way of obtaining the actual sequential position of an AS. Because the forwarding node can derive the actual sequential position of the verified AS from the segment list carried in the received data packet, it does not need to configure and store a large number of table entries to determine the expected sequential position, which reduces both the storage overhead of holding expected sequential positions in advance and the performance overhead of table lookups to determine them.

Based on the method provided in the third aspect, in some embodiments, the verified AS includes the first AS, and the first data packet carries the actual sequential position of the first AS.

Because the data packet carries the actual sequential position of the current AS, it effectively carries an AS-level TTL: for example, each time the data packet passes through an AS, the actual AS sequential position in the packet is updated once, and a forwarding node can tell from the header of the received packet which AS the packet is currently in. This supports strict path verification based on the actual sequential positions of ASes without requiring the packet to carry the full sequential positions of all ASes already traversed, which reduces packet overhead and keeps implementation complexity low.

Based on the method provided in the third aspect, in some embodiments, the first data packet carries an AS list, the AS list includes the identity information of each AS traversed by the expected forwarding path of the first data packet, and the expected sequential position of the verified AS is obtained from the sequential position of the identity information of the verified AS in the AS list.

Because the AS list in the data packet indicates each AS traversed by the expected forwarding path, path verification based on the expected sequential positions of ASes is supported, AS-level path verification is fault tolerant, and there is no need to configure and store a large number of table entries to determine the expected sequential position, which reduces both the storage overhead of holding expected sequential positions in advance and the performance overhead of table lookups to determine them.

基于第三方面提供的方法,在一些实施方式中,第一数据报文中携带第二向量承诺。Based on the method provided in the third aspect, in some implementation manners, the first data packet carries the second vector commitment.

向量承诺相当于验证转发证明时用于与转发证明进行比较的参考值,由于通过数据报文来携带向量承诺,从而减少转发节点为了预先保存向量承诺造成的存储资源开销,也减少了转发节点为了确定向量承诺查表匹配造成的性能开销。Vector commitment is equivalent to the reference value used to compare with the forwarding proof when verifying the forwarding proof. Since vector commitment is carried by data packets, it reduces the storage resource overhead caused by the forwarding node to pre-save vector commitments, and also reduces the performance overhead caused by the forwarding node to determine the vector commitment table match.

Based on the method of the third aspect, in some embodiments the first data packet includes an Internet Protocol version 6 (IPv6) extension header, and the IPv6 extension header carries the sequential position of the verified AS, the identity information of the verified AS, and the second vector commitment; or

the first data packet includes a Network Service Header (NSH), the NSH includes a metadata field, and the metadata field carries the sequential position of the verified AS, the identity information of the verified AS, and the second vector commitment; or

the first data packet includes a Multi-Protocol Label Switching (MPLS) header, and the MPLS header carries the sequential position of the verified AS, the identity information of the verified AS, and the second vector commitment; or

the first data packet includes a Virtual Extensible LAN (VxLAN) header, and the VxLAN header carries the sequential position of the verified AS, the identity information of the verified AS, and the second vector commitment; or

the first data packet includes an Internet Protocol Security (IPsec) header, and the IPsec header carries the sequential position of the verified AS, the identity information of the verified AS, and the second vector commitment.

Based on the method of the third aspect, in some embodiments the destination IP address of the first data packet includes a first IP address, and before the first forwarding node obtains the first data packet the method further includes: the first forwarding node receives a routing protocol message from the verified AS, the routing protocol message carrying the first IP address and the identity information of the verified AS; and the first forwarding node stores a first correspondence, the first correspondence including the first IP address and the identity information of the verified AS;

after the first forwarding node obtains the first data packet, the method further includes: the first forwarding node obtains the identity information of the verified AS based on the first IP address and the first correspondence.

This allows the verified AS to advertise its own identity information in advance over the control plane.

Based on the method of the third aspect, in some embodiments the first data packet carries a path identifier that identifies the expected forwarding path, and before the first forwarding node obtains the first data packet the method further includes: the first forwarding node receives an advertisement message from the path planner, the advertisement message carrying the path identifier, the sequential position of the verified AS, and the identity information of the verified AS; and the first forwarding node stores a second correspondence, the second correspondence including the path identifier, the sequential position of the verified AS, and the identity information of the verified AS;

after the first forwarding node obtains the first data packet, the method further includes: the first forwarding node obtains the sequential position and the identity information of the verified AS based on the path identifier and the second correspondence. This allows the path planner to advertise the sequential position and the identity information of the verified AS in advance.

In a fourth aspect, an apparatus for obtaining a forwarding proof is provided. The apparatus is located at a first forwarding node and includes:

an obtaining unit, configured to obtain a first data packet, where at least two key nodes corresponding to the first data packet include the first forwarding node, and a key node is a forwarding node on the expected forwarding path that a path planner determined for the first data packet; and to obtain the sequential position of the first forwarding node in the expected forwarding path and the identity information of the first forwarding node, where the sequential position of the first forwarding node in the expected forwarding path differs from its sequential position in the actual forwarding path of the first data packet, and the identity information indicates the identity of the first forwarding node; and a processing unit, configured to obtain the forwarding proof of the first forwarding node based on that sequential position and identity information, where the forwarding proof is used to prove that the first forwarding node forwarded the first data packet at its sequential position in the expected forwarding path.

Based on the apparatus of the fourth aspect, in some embodiments the at least two key nodes further include a second forwarding node, which is a key node upstream of the first forwarding node in the expected forwarding path, and the processing unit is configured to obtain the forwarding proof of the first forwarding node based on the sequential position of the first forwarding node in the expected forwarding path, the identity information of the first forwarding node, the sequential position of the second forwarding node in the expected forwarding path, and the identity information of the second forwarding node, where the identity information of the second forwarding node indicates its identity, and the forwarding proof of the first forwarding node is used to prove that the first forwarding node and the second forwarding node each occupy their corresponding sequential positions in the expected forwarding path.

Based on the apparatus of the fourth aspect, in some embodiments the first forwarding node is the last key node in the expected forwarding path, and the second forwarding node comprises all key nodes in the expected forwarding path other than the first forwarding node.

Based on the apparatus of the fourth aspect, in some embodiments the processing unit is further configured to obtain, based on the first data packet, the sequential position of the first forwarding node in the actual forwarding path;

and the apparatus further includes a sending unit, configured to send the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path to a verification node.

Based on the apparatus of the fourth aspect, in some embodiments the verification node includes a third forwarding node, which is a key node downstream of the first forwarding node in the expected forwarding path; the processing unit is further configured to obtain a second data packet based on the first data packet, the forwarding proof of the first forwarding node, and the sequential position of the first forwarding node in the actual forwarding path, where the second data packet includes the payload of the first data packet, the forwarding proof of the first forwarding node, and that sequential position; and the sending unit is configured to send the second data packet to the third forwarding node.

Based on the apparatus of the fourth aspect, in some embodiments the first data packet includes a first position list containing the sequential positions, in the actual forwarding path, of the key nodes upstream of the first forwarding node in the expected forwarding path, and the second data packet includes a second position list consisting of the first position list plus the sequential position of the first forwarding node in the actual forwarding path.

Based on the apparatus of the fourth aspect, in some embodiments the second data packet includes an Internet Protocol version 6 (IPv6) extension header that includes the forwarding proof of the first forwarding node and its sequential position in the actual forwarding path; or the second data packet includes a Network Service Header (NSH) whose metadata field includes the forwarding proof and that sequential position; or the second data packet includes a Multi-Protocol Label Switching (MPLS) header that includes the forwarding proof and that sequential position; or the second data packet includes a Virtual Extensible LAN (VxLAN) header that includes the forwarding proof and that sequential position; or the second data packet includes an Internet Protocol Security (IPsec) header that includes the forwarding proof and that sequential position.

Based on the apparatus of the fourth aspect, in some embodiments the IPv6 extension header includes a Segment Routing Header (SRH), the SRH includes a type-length-value (TLV), and the SRH TLV includes the forwarding proof of the first forwarding node and its sequential position in the actual forwarding path.

Or the IPv6 extension header includes an Application-aware Networking (APN) header, the APN header includes an APN identifier (APN ID), and the APN ID includes the forwarding proof of the first forwarding node and its sequential position in the actual forwarding path.

Or the IPv6 extension header includes a Destination Options Header (DOH), the DOH includes a TLV, and the DOH TLV includes the forwarding proof of the first forwarding node and its sequential position in the actual forwarding path.

Or the IPv6 extension header includes a Hop-by-Hop Options Header (HBH), the HBH includes a TLV, and the HBH TLV includes the forwarding proof of the first forwarding node and its sequential position in the actual forwarding path.

Based on the apparatus of the fourth aspect, in some embodiments the processing unit is further configured to generate an advertisement message that includes the forwarding proof of the first forwarding node and its sequential position in the actual forwarding path;

and the sending unit is configured to send the advertisement message to the verification node.

Based on the apparatus of the fourth aspect, in some embodiments the advertisement message is a Network Configuration Protocol (NETCONF) message that includes the forwarding proof of the first forwarding node and its sequential position in the actual forwarding path; or

the advertisement message is a Hypertext Transfer Protocol (HTTP) message whose payload field includes the forwarding proof of the first forwarding node and its sequential position in the actual forwarding path.

Based on the apparatus of the fourth aspect, in some embodiments the first data packet includes a segment list, the segment list includes a segment identifier (SID) of the first forwarding node, and the processing unit is configured to obtain the sequential position of the first forwarding node in the expected forwarding path from the position of its SID in the segment list.

Based on the apparatus of the fourth aspect, in some embodiments the first data packet includes a path identifier, and the processing unit is configured to obtain the sequential position of the first forwarding node in the expected forwarding path based on the path identifier and a correspondence stored by the first forwarding node, where the correspondence includes the path identifier and the sequential position of the first forwarding node in the expected forwarding path.

Based on the apparatus of the fourth aspect, in some embodiments the obtaining unit is further configured to receive, from the path planner, the sequential position of the first forwarding node in the expected forwarding path.

Based on the apparatus of the fourth aspect, in some embodiments the obtaining unit is configured to receive the first data packet from a second forwarding node, which is a key node upstream of the first forwarding node in the forwarding path, and the first data packet includes the forwarding proof of the second forwarding node;

and the processing unit is further configured to verify the forwarding proof of the second forwarding node based on a first vector commitment, the identity information of the second forwarding node, and the sequential position of the second forwarding node in the expected forwarding path, where the first vector commitment indicates the correspondence between the sequential positions of the at least two key nodes in the expected forwarding path and the identities of those key nodes, and the at least two key nodes include the second forwarding node.

Based on the apparatus of the fourth aspect, in some embodiments the path planner is the source host that generates the payload data of the first data packet; or the path planner is the first forwarding device in the expected forwarding path.

In a fifth aspect, an apparatus for verifying a forwarding proof is provided. The apparatus includes: an obtaining unit, configured to obtain the forwarding proof of a first forwarding node, a first vector commitment, the identity information of the first forwarding node, and the sequential position of the first forwarding node in the expected forwarding path, where the first vector commitment indicates the correspondence between the sequential positions of at least two key nodes in the expected forwarding path and the identities of those key nodes, the at least two key nodes include the first forwarding node, the identity information indicates the identity of the first forwarding node, and the forwarding proof of the first forwarding node is used to prove that the first forwarding node occupies its sequential position in the expected forwarding path; and a verification unit, configured to verify the forwarding proof of the first forwarding node based on the first vector commitment, the identity information of the first forwarding node, and the sequential position of the first forwarding node.

Based on the apparatus of the fifth aspect, in some embodiments the at least two key nodes further include a second forwarding node, which is a key node upstream of the first forwarding node in the expected forwarding path, and the verification unit is configured to verify the forwarding proof of the first forwarding node based on the first vector commitment, the sequential position of the first forwarding node in the expected forwarding path, the identity information of the first forwarding node, the sequential position of the second forwarding node in the expected forwarding path, and the identity information of the second forwarding node, where the identity information of the second forwarding node indicates its identity, and the forwarding proof of the first forwarding node is used to prove that both the first forwarding node and the second forwarding node occupy their corresponding sequential positions in the expected forwarding path.

Based on the apparatus of the fifth aspect, in some embodiments the obtaining unit is configured to receive the forwarding proof of the first forwarding node from the first forwarding node.
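The fourth and fifth aspects above describe a forwarding proof that binds a key node's identity to its position in the expected path and is checked against a vector commitment, but the patent text leaves the commitment construction unspecified. The following Python is an added worked example, not code from the patent or its assignee: it instantiates the vector commitment as a SHA-256 Merkle tree over (position, identity) leaves, one standard vector-commitment construction chosen here as an assumption. The path planner commits to the expected path, each key node opens the commitment at its own position (that opening is its forwarding proof), the last key node bundles its opening with those of all upstream key nodes, and a verifier checks each opening against the commitment and rejects a proof presented at the wrong position or by a node with a different identity. The node names are constructed for the example.

```python
import hashlib
from typing import Dict, List, Tuple

# A proof is one (sibling_is_left, sibling_hash) pair per tree level.
Proof = List[Tuple[bool, bytes]]


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _leaf(position: int, identity: str) -> bytes:
    # Domain-separated leaf that binds the position to the identity, so an
    # opening for ("R3", position 2) cannot be replayed as ("R3", position 3).
    return _h(b"\x00" + position.to_bytes(2, "big") + identity.encode())


def _build_levels(leaves: List[bytes]) -> List[List[bytes]]:
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:            # duplicate the last node on odd-sized levels
            cur.append(cur[-1])
        levels.append([_h(b"\x01" + cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def commit(expected_path: List[str]) -> Tuple[bytes, List[List[bytes]]]:
    """Path planner: commit to the ordered identities of the key nodes."""
    levels = _build_levels([_leaf(i, ident) for i, ident in enumerate(expected_path)])
    return levels[-1][0], levels


def open_proof(levels: List[List[bytes]], position: int) -> Proof:
    """Forwarding proof of the key node at `position`: its authentication path."""
    proof, idx = [], position
    for level in levels[:-1]:
        proof.append((idx % 2 == 1, level[idx ^ 1]))
        idx //= 2
    return proof


def verify_proof(commitment: bytes, position: int, identity: str, proof: Proof) -> bool:
    """Verifier: recompute the root from (position, identity) and compare."""
    node = _leaf(position, identity)
    for sibling_is_left, sib in proof:
        node = _h(b"\x01" + sib + node) if sibling_is_left else _h(b"\x01" + node + sib)
    return node == commitment


def verify_chain(commitment: bytes, openings: List[Tuple[int, str, Proof]]) -> bool:
    """A node's proof bundled with its upstream nodes' proofs: every opening
    must verify and the positions must be distinct and in path order."""
    positions = [pos for pos, _, _ in openings]
    if positions != sorted(positions) or len(set(positions)) != len(positions):
        return False
    return all(verify_proof(commitment, pos, ident, prf) for pos, ident, prf in openings)


def demo_node_level() -> Dict[str, bool]:
    # Constructed expected path through five key nodes (names are assumptions).
    expected = ["R1", "R2", "R3", "R4", "R5"]
    commitment, levels = commit(expected)
    # R3 is at expected position 2 regardless of how many hops it actually took.
    proof_r3 = open_proof(levels, 2)
    # The last key node R5 forwards openings for itself and every upstream key node.
    chain = [(i, ident, open_proof(levels, i)) for i, ident in enumerate(expected)]
    return {
        "r3_ok": verify_proof(commitment, 2, "R3", proof_r3),
        "r3_wrong_position": verify_proof(commitment, 3, "R3", proof_r3),
        "impostor_at_2": verify_proof(commitment, 2, "X9", proof_r3),
        "full_chain_ok": verify_chain(commitment, chain),
        "chain_reordered": verify_chain(commitment, chain[::-1]),
    }


if __name__ == "__main__":
    for name, ok in demo_node_level().items():
        print(f"{name}: {ok}")
```

Only the commitment (32 bytes) and one authentication path per key node travel with the packet or the advertisement message, which is what lets the verification node avoid storing per-path tables; the position is folded into the leaf rather than implied by the tree index alone so that the proof also fails when a legitimate node claims a position it does not hold.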

In a sixth aspect, an apparatus for verifying a forwarding proof is provided. The apparatus is located at a first forwarding node and includes:

an obtaining unit, configured to obtain a first data packet, where the first forwarding node is deployed at the border of a first autonomous system (AS);

a processing unit, configured to obtain the forwarding proof of a verified AS based on the sequential position of the verified AS and the identity information of the verified AS, where the identity information indicates the identity of the verified AS;

and the processing unit is further configured to verify the forwarding proof of the verified AS based on a second vector commitment, the sequential position of the verified AS, and the identity information of the verified AS, where the second vector commitment indicates the correspondence between the identity information and the sequential position of each of at least two ASs.

Based on the apparatus of the sixth aspect, in some embodiments the verified AS includes at least one of: a neighbor AS of the first AS, the first AS, or each AS from the source AS to the first AS. A neighbor AS includes the previous AS before the first AS on the actual forwarding path of the first data packet and/or the next AS after the first AS on the reachable path toward the destination IP address of the first data packet. The source AS is the AS that communicates with the source host, and the source host is the device that generates the payload data of the first data packet.

Based on the apparatus of the sixth aspect, in some embodiments the sequential position of the verified AS is either its expected sequential position or its actual sequential position. The expected sequential position indicates the ordering of the verified AS among the ASs on the expected forwarding path of the first data packet, and the actual sequential position indicates the ordering of the verified AS among the ASs on the actual forwarding path of the first data packet.

Based on the apparatus of the sixth aspect, in some embodiments the verified AS includes a neighbor AS of the first AS, the first data packet carries the actual sequential position of the first AS, and the actual sequential position of the verified AS is derived from the actual sequential position of the first AS and the ordering relationship between the first AS and the verified AS.

Based on the apparatus of the sixth aspect, in some embodiments the verified AS includes the first AS, and the first data packet carries the actual sequential position of the first AS.

Based on the apparatus of the sixth aspect, in some embodiments the first data packet carries an AS list that includes the identity information of each AS on the expected forwarding path of the first data packet, and the expected sequential position of the verified AS is obtained from the position of the verified AS's identity information in that AS list.
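The AS-level embodiments above (the AS-level TTL of the third aspect, the neighbor-AS derivation, and the AS list carried in the packet) reduce to position bookkeeping at each AS border node. The following Python is an added example, not code from the patent: a packet carries the expected AS list and the actual position of the current AS; each border node increments that counter on ingress, derives its own expected position from the AS list, derives the previous AS's actual position from its own, and compares expected against actual for a strict path check. A small control-plane table maps advertised prefixes to the advertising AS's identity, as in the first correspondence described for the third aspect, and is queried by longest-prefix match. The AS numbers, prefixes and the dict-shaped header are constructed for the example; the cryptographic check of the forwarding proof against the second vector commitment is deliberately left out so the example stays focused on how positions are obtained.

```python
import ipaddress
from typing import Dict, List, Optional

# Control-plane state: destination prefix -> identity of the AS whose routing
# protocol message advertised it (the "first correspondence"). Constructed data.
RouteTable = Dict[ipaddress.IPv4Network, int]


def learn_route(table: RouteTable, prefix: str, as_id: int) -> None:
    table[ipaddress.ip_network(prefix)] = as_id


def as_for_destination(table: RouteTable, dst_ip: str) -> Optional[int]:
    """Longest-prefix match: identity of the AS that advertised the destination."""
    addr = ipaddress.ip_address(dst_ip)
    best = max((n for n in table if addr in n), key=lambda n: n.prefixlen, default=None)
    return table[best] if best is not None else None


def expected_position(as_list: List[int], as_id: int) -> Optional[int]:
    """Expected position of an AS is its index in the carried AS list."""
    return as_list.index(as_id) if as_id in as_list else None


def ingress_check(packet: dict, my_as: int) -> dict:
    """Border node of `my_as`: bump the AS-level TTL, then compare the expected
    and actual positions of itself and of the previous AS on the actual path."""
    packet["actual_pos"] += 1                  # one more AS has been traversed
    actual = packet["actual_pos"]
    as_list = packet["as_list"]
    prev_as = packet["prev_as"]
    report = {
        "as": my_as,
        "self_expected": expected_position(as_list, my_as),
        "self_actual": actual,
        "prev_expected": expected_position(as_list, prev_as),
        "prev_actual": actual - 1,             # derived from own actual position
    }
    # Strict check: every verified AS must sit exactly where the expected path says.
    report["strict_ok"] = (
        report["self_expected"] == report["self_actual"]
        and report["prev_expected"] == report["prev_actual"]
    )
    packet["prev_as"] = my_as
    return report


def traverse(as_list: List[int], actual_path: List[int]) -> List[dict]:
    """Simulate the packet crossing `actual_path`; the source AS is position 0
    and does not verify itself, every later border node does."""
    packet = {"as_list": as_list, "actual_pos": 0, "prev_as": actual_path[0]}
    return [ingress_check(packet, as_id) for as_id in actual_path[1:]]


def demo_as_level() -> Dict[str, bool]:
    table: RouteTable = {}
    learn_route(table, "198.51.0.0/16", 64496)     # constructed prefixes and ASNs
    learn_route(table, "198.51.100.0/24", 64500)
    expected = [64496, 64497, 64498, 64500]
    honest = traverse(expected, expected)
    # A detour through AS64499 shifts every later actual position by one.
    detour = traverse(expected, [64496, 64497, 64499, 64498, 64500])
    # Skipping AS64497 makes AS64498 arrive one position too early.
    skip = traverse(expected, [64496, 64498, 64500])
    return {
        "honest_all_ok": all(r["strict_ok"] for r in honest),
        "detour_detected": not all(r["strict_ok"] for r in detour),
        "skip_detected": not all(r["strict_ok"] for r in skip),
        "verified_as_from_dst": as_for_destination(table, "198.51.100.7") == 64500
        and as_for_destination(table, "198.51.7.7") == 64496,
    }


if __name__ == "__main__":
    for name, ok in demo_as_level().items():
        print(f"{name}: {ok}")
```

The counter alone is only as trustworthy as the border nodes that increment it; in the patent's scheme the position fed into this check is also what the forwarding proof is bound to and verified against the second vector commitment, so a node that lies about its position fails that verification rather than merely the arithmetic shown here.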

Based on the apparatus of the sixth aspect, in some embodiments the first data packet carries the second vector commitment.

Based on the apparatus of the sixth aspect, in some embodiments the first data packet includes an Internet Protocol version 6 (IPv6) extension header, and the IPv6 extension header carries the sequential position of the verified AS, the identity information of the verified AS, and the second vector commitment; or

the first data packet includes a Network Service Header (NSH), the NSH includes a metadata field, and the metadata field carries the sequential position of the verified AS, the identity information of the verified AS, and the second vector commitment; or

the first data packet includes a Multi-Protocol Label Switching (MPLS) header, and the MPLS header carries the sequential position of the verified AS, the identity information of the verified AS, and the second vector commitment; or

the first data packet includes a Virtual Extensible LAN (VxLAN) header, and the VxLAN header carries the sequential position of the verified AS, the identity information of the verified AS, and the second vector commitment; or

the first data packet includes an Internet Protocol Security (IPsec) header, and the IPsec header carries the sequential position of the verified AS, the identity information of the verified AS, and the second vector commitment.

Based on the apparatus of the sixth aspect, in some embodiments the destination IP address of the first data packet includes a first IP address, and the obtaining unit is further configured to receive a routing protocol message from the verified AS, the routing protocol message carrying the first IP address and the identity information of the verified AS;

the processing unit is further configured to store a first correspondence, the first correspondence including the first IP address and the identity information of the verified AS;

and the obtaining unit is further configured to obtain the identity information of the verified AS based on the first IP address and the first correspondence.

Based on the apparatus of the sixth aspect, in some embodiments the first data packet carries a path identifier that identifies the expected forwarding path, and the obtaining unit is further configured to receive an advertisement message from the path planner, the advertisement message carrying the path identifier, the sequential position of the verified AS, and the identity information of the verified AS;

the processing unit is further configured to store a second correspondence, the second correspondence including the path identifier, the sequential position of the verified AS, and the identity information of the verified AS;

and the obtaining unit is further configured to obtain the sequential position and the identity information of the verified AS based on the path identifier and the second correspondence.

第七方面,提供了一种转发设备,该转发设备包括处理器,处理器与存储器耦合,存储器中存储有至少一条计算机程序指令,至少一条计算机程序指令由处理器加载并执行,以使转发设备执行上述第一方面或第一方面任一种可选方式所提供的方法、第二方面或第二方面任一种可选方式所提供的方法或者第三方面或第三方面任一种可选方式所提供的方法,网络接口用于接收或发送报文。第七方面提供的转发设备的具体细节可参见第一方面或第一方面任一种可选方式所提供的方法、第二方面或第二方面任一种可选方式所提供的方法或者第三方面或第三方面任一种可选方式所提供的方法,网络接口用于接收或发送报文,此处不再赘述。In the seventh aspect, a forwarding device is provided, which includes a processor, the processor is coupled to a memory, at least one computer program instruction is stored in the memory, and the at least one computer program instruction is loaded and executed by the processor, so that the forwarding device executes the method provided by the first aspect or any optional method of the first aspect, the method provided by the second aspect or any optional method of the second aspect, or the method provided by the third aspect or any optional method of the third aspect, and the network interface is used to receive or send messages. The specific details of the forwarding device provided in the seventh aspect can be found in the method provided by the first aspect or any optional method of the first aspect, the method provided by the second aspect or any optional method of the second aspect, or the method provided by the third aspect or any optional method of the third aspect, and the network interface is used to receive or send messages, which will not be repeated here.

第八方面,提供了一种计算设备,该计算设备包括处理器,处理器与存储器耦合,存储器中存储有至少一条计算机程序指令,至少一条计算机程序指令由处理器加载并执行,以使计算设备实现第一方面或第一方面任一种可选方式所提供的方法、第二方面或第二方面任一种可选方式所提供的方法或者第三方面或第三方面任一种可选方式所提供的方法。第八方面提供的计算设备的具体细节可参见上述第一方面或第一方面任一种可选方式所提供的方法、第二方面或第二方面任一种可选方式所提供的方法或者第三方面或第三方面任一种可选方式所提供的方法,此处不再赘述。In an eighth aspect, a computing device is provided, the computing device comprising a processor, the processor being coupled to a memory, the memory storing at least one computer program instruction, the at least one computer program instruction being loaded and executed by the processor, so that the computing device implements the method provided in the first aspect or any optional manner of the first aspect, the method provided in the second aspect or any optional manner of the second aspect, or the method provided in the third aspect or any optional manner of the third aspect. The specific details of the computing device provided in the eighth aspect can be found in the method provided in the first aspect or any optional manner of the first aspect, the method provided in the second aspect or any optional manner of the second aspect, or the method provided in the third aspect or any optional manner of the third aspect, and will not be repeated here.

第九方面,提供了一种计算机可读存储介质,该存储介质中存储有至少一条指令,该指令在计算机上运行时,使得计算机执行上述第一方面或第一方面任一种可选方式所提供的方法、第二方面或第二方面任一种可选方式所提供的方法或者第三方面或第三方面任一种可选方式所提供的方法。In the ninth aspect, a computer-readable storage medium is provided, which stores at least one instruction. When the instruction is executed on a computer, the computer executes the method provided by the first aspect or any optional aspect of the first aspect, the method provided by the second aspect or any optional aspect of the second aspect, or the method provided by the third aspect or any optional aspect of the third aspect.

In a tenth aspect, a computer program product is provided. The computer program product includes one or more computer program instructions which, when loaded and run by a computer, cause the computer to perform the method provided in the first aspect or any optional implementation of the first aspect, the method provided in the second aspect or any optional implementation of the second aspect, or the method provided in the third aspect or any optional implementation of the third aspect.

In an eleventh aspect, a chip is provided. The chip includes a memory and a processor; the memory is used to store computer instructions, and the processor is used to call and run the computer instructions from the memory to perform the method provided in the first aspect or any optional implementation of the first aspect, the method provided in the second aspect or any optional implementation of the second aspect, or the method provided in the third aspect or any optional implementation of the third aspect.

In a twelfth aspect, a network system is provided. The network system includes the apparatus of the fourth aspect and the apparatus of the fifth aspect.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram of an application scenario according to an embodiment of this application;

FIG. 2 is a schematic diagram of a path verification method according to an embodiment of this application;

FIG. 3 is an architecture diagram of a trusted path network system according to an embodiment of this application;

FIG. 4 is an architecture diagram of another trusted path network system according to an embodiment of this application;

FIG. 5 is an architecture diagram of still another trusted path network system according to an embodiment of this application;

FIG. 6 is a schematic diagram of an application scenario according to an embodiment of this application;

FIG. 7 is a schematic diagram of a packet format according to an embodiment of this application;

FIG. 8 is a schematic diagram of a packet format according to an embodiment of this application;

FIG. 9 is a schematic diagram of a scenario in which a data flow is transmitted between ASs according to an embodiment of this application;

FIG. 10 is a flowchart of a path verification method according to an embodiment of this application;

FIG. 11 is a schematic structural diagram of an apparatus for acquiring a forwarding proof according to an embodiment of this application;

FIG. 12 is a schematic structural diagram of an apparatus for verifying a forwarding proof according to an embodiment of this application;

FIG. 13 is a schematic structural diagram of an apparatus for acquiring a forwarding proof according to an embodiment of this application;

FIG. 14 is a schematic structural diagram of a device according to an embodiment of this application.

DETAILED DESCRIPTION

To make the objectives, technical solutions and advantages of this application clearer, the implementations of this application are further described in detail below with reference to the accompanying drawings.

Some terms and concepts involved in the embodiments of this application are explained below.

(1) Path verification mechanism

A path verification mechanism is a technique that supports verifying whether service data is actually forwarded along the expected forwarding path during transmission. In some implementations of this application, a forwarding proof of a verification object is obtained based on the identity information of the verification object and the sequence position of the verification object; with a vector commitment as the reference data, the forwarding proof of the verification object is then verified based on the vector commitment, the identity information of the verification object and the sequence position of the verification object, thereby implementing the path verification mechanism. For example, if the forwarding proof of the verification object passes verification, the forwarding node determines that the verification object is an object the service data is expected to pass through and that the sequence position of the verification object meets the requirement of the expected forwarding path, and the forwarding node continues to forward the packet; if the forwarding proof of the verification object fails verification, it is determined that the verification object is not an object the service data is expected to pass through or that the sequence position of the verification object does not meet the requirement of the expected forwarding path, and the forwarding node performs a predetermined processing action other than forwarding the packet.

In the embodiments of this application, verification objects include device (node) level verification objects and autonomous system (AS) level verification objects. A device-level verification object includes at least one of the current node, a neighbor node of the current node, or each node on the portion of the path already traversed. An AS-level verification object includes at least one of the current AS, a neighbor AS of the current AS, each AS on the portion of the path already traversed, or the next AS after the current AS. Correspondingly, the path verification mechanism includes a device-level path verification method and an AS-level path verification method. The device-level path verification method, for example, abstracts each forwarding node passed during service data transmission as a verification object and verifies the forwarding nodes based on their identity information and the sequence relationship between them. The AS-level path verification method, for example, abstracts each AS passed during service data transmission as a verification object and verifies the ASs based on their identity information and the sequence relationship between them.

In some implementations, only one of the two methods, the device-level path verification method or the AS-level path verification method, is executed. In other implementations, both methods are executed. For example, the path verification method a forwarding node needs to execute is determined according to the forwarding node's deployment position in the network: a forwarding node inside an AS executes the device-level path verification method, for example by performing path verification on its previous-hop node or next-hop node, while a forwarding node at an AS boundary executes the AS-level path verification method, for example by performing path verification on the previous AS or the next AS relative to its own AS.

The term "current" is used mainly with reference to the time at which the data packet (service data) is obtained. For example, when the data packet arrives at the i-th node during forwarding, the i-th node is the current node and the AS in which the i-th node is located is the current AS. A neighbor node of the current node is a node that has a neighbor relationship with the current node (the node to which the data packet has currently been transmitted); for example, the neighbor nodes of the current node include the previous node of the current node (also called the previous-hop node) or the next node of the current node. The main difference between the method flows executed for different verification objects lies in the identity information and sequence position used as the algorithm's input data.

(2) Expected forwarding path

The expected forwarding path is the forwarding path determined by the path planner before the data packet is forwarded. For example, the expected forwarding path is the forwarding path the controller determines by performing path computation based on the network topology. The expected forwarding path includes at least two forwarding nodes; for example, it includes key node 1 and a tail node. In some implementations, the expected forwarding path further includes one or more intermediate nodes between key node 1 and the tail node. The expected forwarding path is, for example, an end-to-end path. In a segment routing over Internet Protocol version 6 (SRv6) scenario, the expected forwarding path is represented, for example, as a segment list, a candidate path (CP) or an SR policy. In a multi-protocol label switching (MPLS) or segment routing over MPLS (SR-MPLS) scenario, the expected forwarding path is represented, for example, as an MPLS label stack. In a service function chaining (SFC) scenario, the expected forwarding path is represented, for example, as a service function chain.

(3) Actual forwarding path

The actual forwarding path is the path a data packet actually traverses when it is forwarded. For example, the actual forwarding path includes every device from the ingress device of the network the data packet enters to the egress device of that network. In some scenarios provided in this application, at least one non-key node lies between two key nodes in the actual forwarding path. For example, referring to (b) in FIG. 1, the actual forwarding path contains key node A, key node B and key node C; non-key node a and non-key node b lie between key node A and key node B, and non-key node c lies between key node B and key node C.

(4) Roles involved in the path verification mechanism

A path verification mechanism is usually implemented through the cooperation of three entities: the path planner, the forwarding nodes and the verification node. The path planner determines the vector commitment, a forwarding node determines the forwarding proof while forwarding the service data, and the verification node performs verification by comparing the forwarding proof against the vector commitment.

In some implementations, the path planner, the forwarding node and the verification node are deployed as separate entities. For example, the path planner is a controller, the forwarding node is a forwarding device such as a router or switch, and the verification node is an auditor's device, the destination host of the service data, or a user device. In one possible implementation, the verification node is deployed outside the forwarding path: it is separated from the forwarding nodes of the forwarding path and located on a different hardware device, and it does not need to undertake packet forwarding.

In other implementations, the path planner, the forwarding node and the verification node are integrated. For example, the verification node and the forwarding node are integrated on the same hardware device, which undertakes both packet forwarding and forwarding proof verification. In other words, the verification node is the forwarding node itself, which additionally takes on the verification role to check that the previous hop is the correct source. For example, during actual data forwarding, each forwarding node, on receiving a data packet, verifies the forwarding proof of the previous forwarding node carried in the packet, thereby implementing on-path verification. As another example, after data transmission is complete, the tail node verifies in one pass that the data packet indeed traversed the expected forwarding path in order, without each forwarding node having to perform path verification.

(5) Forwarding node

A forwarding node, also called a forwarding device, is a device or a set of devices used to forward data. A forwarding node is, for example, a network device such as a switch, router or firewall, or a computing device such as a server or terminal. A forwarding node may be a physical device or a virtual device.

(6) Path planner

The path planner is the entity that plans the forwarding path. In some implementations, the path planner is a controller. In other implementations, the path planner is the source host, that is, the device that generates the data packet, for example a terminal or a server. In still other implementations, the path planner is the first forwarding device the data packet reaches on entering the network, for example the first forwarding node of the expected forwarding path, such as a switch or router. As an example, the path planner is the first forwarding device of the network the data packet enters, that is, the ingress device of that network.

(7) Key nodes

A key node is a specific type of forwarding node. The term "key" is defined mainly with respect to the expected forwarding path: in this embodiment, a forwarding node present in the expected forwarding path is called a key node, and the AS in which such a forwarding node is located is called a key AS.

A key node is also called a forwarding key node or an expected node. A key node is a forwarding node that the path planner has designated the service data to pass through during forwarding. The expected forwarding path determined by the path planner includes at least two key nodes. A key node usually supports the capability to compute forwarding proofs and/or to verify forwarding proofs; for example, it stores configuration information related to forwarding proof computation and/or verification and has those functions enabled and activated. During service data transmission, when a data packet carrying the service data arrives at a key node, the key node can compute a forwarding proof.

The counterpart of a key node is a non-key node. A non-key node is a forwarding node that the network path planner has not designated the service data to pass through; it is not located in the expected forwarding path. A data packet may pass through one or more non-key nodes during actual forwarding; for example, a non-key node is a forwarding node that the actual forwarding path traverses in addition to those in the expected forwarding path. A non-key node usually does not support forwarding proof computation and/or verification, or supports these functions but has not enabled or activated them. A non-key node is, for example, a legacy device, a device with limited capabilities, or a device produced by a third-party network vendor; as another example, a non-key node is a Layer 2 switch.

When orchestrating the expected forwarding path, the controller does not know in advance which non-key nodes exist and does not place non-key nodes in the expected forwarding path. During actual forwarding, however, key nodes may decide on their own to pass through such non-key nodes, so that the actual forwarding path contains these additional non-key nodes relative to the expected forwarding path. For example, referring to FIG. 1, key node A and key node B are adjacent in sequence position in the expected forwarding path. When actually forwarding the data packet, however, key node A does not forward it directly to key node B but through a tunnel that passes non-key node a and non-key node b, which forward the data packet from key node A to key node B. Because tunnel forwarding is used, the actual forwarding path contains non-key node a and non-key node b in addition to the nodes of the expected forwarding path.

(8) Forwarding path locking

Forwarding path locking is a technical effect that the embodiments of this application aim to achieve. It means that during actual transmission, the service data is indeed forwarded hop by hop along the trusted path (the expected forwarding path) planned in advance by the path planner, which improves the transmission security of the service data. In some implementations of this application, forwarding path locking specifically comprises two effects: correctness of key node identity and correctness of the key node sequence relationship.

Correctness of key node identity means that the identities of the key nodes the service data passes through during actual transmission match the identities of the key nodes expected by the path planner. For example, the path planner expects the service data to pass through N key nodes, and the service data does pass through those N key nodes during actual transmission. In some implementations of this application, the path planner determines the vector commitment based on the identity information of the N key nodes in the expected forwarding path, the forwarding node determines the forwarding proof based on the key node's identity information, and the verification node verifies the forwarding proof based on the vector commitment and the key node's identity information, so that both the vector commitment and the forwarding proof are bound to the key node's identity information. Consequently, only a forwarding proof determined from the correct key node identity information can pass verification; a third party that cannot obtain the correct key node identity information cannot easily forge a valid forwarding proof, which achieves correctness of key node identity.

Correctness of the key node sequence relationship, also called in-order data forwarding, position locking or sequence position binding, means that the order of the key nodes in the actual forwarding path is consistent with the order of the key nodes in the expected forwarding path determined by the path planner: no key node in the expected forwarding path may be skipped, and no key node absent from the expected forwarding path may additionally be passed. For example, the path planner expects the service data to pass through key node A, then key node B, and finally key node C; during actual transmission the service data must likewise pass through key node A, then key node B, and finally key node C. It must not pass through key node C, then key node B, and finally key node A; it must not skip key node B and reach key node C directly; and it must not additionally pass through key node D before reaching key node C.
In some implementations of this application, the path planner determines the vector commitment based on the sequence positions of the N key nodes in the expected forwarding path, the forwarding node determines the forwarding proof based on the key node's sequence position, and the verification node verifies the forwarding proof based on the vector commitment and the key node's sequence position, so that both the vector commitment and the forwarding proof are bound to the key nodes' sequence positions. Consequently, only a forwarding proof determined from the correct key node sequence position can pass verification; a third party that cannot obtain the correct key node sequence positions cannot easily forge a valid forwarding proof, which achieves correctness of the key node sequence relationship.

In some implementations of this application, the vector commitment is obtained by combining the sequence position of the key node with the identity information of the key node, so that the vector commitment depends not only on the key node's identity information but also on its sequence position. Therefore, when a forwarding proof is verified against this vector commitment, only a forwarding proof generated with both a correct sequence relationship and correct identity information can pass verification. On this basis, if the path planner designates the service data to pass through a first key node and the i-th key node the service data passes through is that first key node, the correct forwarding proof p_i can be computed only from the correct identity information of the first key node together with its correct sequence position (i), and the forwarding proof is hard for others to forge. Conversely, if during actual forwarding the service data skips an expected key node or passes through an additional, unexpected key node, then when the service data reaches the key node downstream of the skipped or additional key node, that downstream key node's sequence position will be inconsistent with its expected sequence position, so the forwarding proof obtained at the downstream key node fails verification. Correctness of key node identity and correctness of the key node sequence relationship are thus achieved at the same time.

For example, if the expected forwarding path is key node A → key node B → key node C → key node D, the expected sequence positions of key node A, key node B, key node C and key node D are 1, 2, 3 and 4 respectively. When the service data is actually forwarded hop by hop along the expected forwarding path, a forwarding proof 1 obtained from the identity of key node A and its expected sequence position (1), from the identity of key node B and its expected sequence position (2), from the identity of key node C and its expected sequence position (3), or from the identity of key node D and its expected sequence position (4) passes verification. If key node C, which was expected to be passed, is skipped during forwarding, the actual forwarding path 2 is key node A → key node B → key node D. Taking key node D as an example, key node D obtains forwarding proof 2 from its actual sequence position (3) and identity (D). Because the actual sequence position (3) and identity (D) on which forwarding proof 2 is based do not match, forwarding proof 2 cannot pass verification.
As another example, when an extra, unspecified node is passed, an additional key node E is inserted into forwarding path 1, so that the actual forwarding path 2 is key node A → key node B → key node C → key node E → key node D. If forwarding proof 2 is computed from the actual sequence position (5) and identity (D) of key node D on forwarding path 2 and verified at the adjacent node against the commitment generated at the outset, forwarding proof 2 likewise cannot pass verification, because the actual sequence position (5) and identity (D) on which it is based do not match.
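To make the sequence-position binding concrete, the following is an added example, not code from the patent or from Huawei: it instantiates the vector commitment as a Merkle root over (position, identity) pairs, which is one standard vector-commitment construction that the patent text does not prescribe, and it assumes the planner hands each key node the Merkle opening for its own leaf. It reproduces the A → B → C → D cases above: key node D at its expected position 4 passes, while D at position 3 (C skipped) or at position 5 (E inserted) fails.

```python
"""Added example: vector commitment over (sequence position, identity) pairs.

Constructed illustration, not the patent's own scheme: the commitment is a
Merkle root (one standard vector-commitment instantiation), and the planner
is assumed to hand each key node the Merkle opening for its own leaf.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Tuple


def _h(*parts: bytes) -> bytes:
    # Length-prefix every part so that "AB"|"C" and "A"|"BC" cannot collide.
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hashlib.sha256(blob).digest()


def leaf(position: int, identity: str) -> bytes:
    """Bind a key node's identity to its 1-based sequence position on the path."""
    return _h(b"leaf", position.to_bytes(4, "big"), identity.encode())


def _pad(leaves: List[bytes]) -> List[bytes]:
    # Repeat the last leaf until the count is a power of two.
    out = list(leaves)
    while len(out) & (len(out) - 1):
        out.append(out[-1])
    return out


def _parents(level: List[bytes]) -> List[bytes]:
    return [_h(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]


@dataclass
class Opening:
    """Sibling hashes from leaf to root; flag True means the sibling is on the right."""
    siblings: List[Tuple[bytes, bool]]


def plan_path(expected_path: List[str]) -> Tuple[bytes, List[Opening]]:
    """Path planner: commit to the expected path; return the commitment and one opening per key node."""
    if not expected_path:
        raise ValueError("expected path must contain at least one key node")
    leaves = _pad([leaf(i + 1, node) for i, node in enumerate(expected_path)])
    openings = [Opening([]) for _ in expected_path]
    level = leaves
    while len(level) > 1:
        for idx, op in enumerate(openings):
            pos = idx >> len(op.siblings)  # index of this node's ancestor at the current level
            sib = pos ^ 1
            op.siblings.append((level[sib], sib > pos))
        level = _parents(level)
    return level[0], openings


def verify(commitment: bytes, position: int, identity: str, proof: Opening) -> bool:
    """Verification node: recompute the root from the claimed (position, identity) and the proof."""
    acc = leaf(position, identity)
    for sib, sib_on_right in proof.siblings:
        acc = _h(b"node", acc, sib) if sib_on_right else _h(b"node", sib, acc)
    return acc == commitment


def path_locking_cases() -> Dict[str, bool]:
    """The A->B->C->D scenarios from the text, judged at key node D."""
    commitment, openings = plan_path(["A", "B", "C", "D"])
    d_proof = openings[3]  # D holds the opening for the leaf at position 4
    return {
        "expected_path": verify(commitment, 4, "D", d_proof),   # A->B->C->D
        "c_skipped": verify(commitment, 3, "D", d_proof),       # A->B->D: D arrives at position 3
        "e_inserted": verify(commitment, 5, "D", d_proof),      # A->B->C->E->D: D at position 5
        "wrong_identity": verify(commitment, 4, "X", d_proof),  # right position, wrong identity
    }


if __name__ == "__main__":
    for name, ok in path_locking_cases().items():
        print(f"{name:15s} -> {'pass' if ok else 'FAIL'}")
```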

(9) Fault tolerance of path verification

Fault tolerance of path verification is a technical effect that the embodiments of this application aim to achieve. It includes node-level fault tolerance and AS-level fault tolerance.

Node-level fault tolerance of path verification means that, while path locking is achieved, the service data is allowed to pass through non-key nodes during actual transmission, reducing the risk that a key node downstream of a non-key node interrupts service data transmission or raises an alarm because forwarding proof verification fails. In other words, one or more non-key nodes are permitted between two key nodes in the actual forwarding path, without strictly requiring that each key node's sequence position in the expected forwarding path equal its sequence position in the actual forwarding path for the forwarding proof verification to pass.

A typical application scenario requiring tolerance of non-key nodes is one in which the service data passes through non-key nodes during actual forwarding. For example, the order of at least two key nodes the service data is expected to pass through is the same as the order in which those key nodes actually forward the service data, but the expected sequence positions of those key nodes differ from the sequence positions at which they actually forward the service data. For example, the actual forwarding path of a first data packet contains additional non-key nodes compared with the expected forwarding path of the first data packet.

As an example, critical node A and critical node B are adjacent in sequence position in the expected forwarding path, but a tunnel is established between critical node A and critical node B during actual transmission of the service data. Critical node A transmits the service data to critical node B through a series of intermediate nodes in the tunnel, so that critical node A and critical node B are no longer adjacent in sequence position in the actual forwarding path.

For instance, the expected forwarding path is a Layer 3 forwarding path composed of Layer 3 forwarding devices, in which critical node B is the next forwarding node after critical node A, but critical node A actually transmits the service data to critical node B through a Layer 2 tunnel. The Layer 2 tunnel passes through one or more Layer 2 forwarding devices, so critical node A and critical node B are not adjacent in sequence position in the actual forwarding path: every Layer 2 forwarding device traversed by the Layer 2 tunnel lies between critical node A and critical node B in the actual forwarding path.

As another instance, the expected forwarding path is an SRv6 path composed of SRv6 endpoint devices, in which critical node B is the next SRv6 endpoint device after critical node A, but critical node A actually transmits the service data to critical node B through an IP-layer tunnel. The IP-layer tunnel passes through one or more native IPv6 forwarding devices, so critical node A and critical node B are not adjacent in sequence position in the actual forwarding path: every native IPv6 forwarding device traversed by the IP-layer tunnel lies between critical node A and critical node B in the actual forwarding path.

The main reason that a critical node downstream of a non-critical node fails to verify the forwarding proof is that the path planner computes the vector commitment from the critical nodes' sequence positions in the expected forwarding path. If a critical node instead computed the forwarding proof from its sequence position in the actual forwarding path, and verified the forwarding proof using the vector commitment together with its sequence position in the actual forwarding path, then whenever its sequence position in the actual forwarding path differs from its sequence position in the expected forwarding path (the reasons and scenarios for such differences are described below), the sequence position on which the vector commitment was computed deviates from the sequence position on which the forwarding proof was computed, and the critical node's verification of the forwarding proof against the vector commitment fails.

Moreover, because there is some uncertainty about which forwarding nodes the service data actually traverses, the path planner usually cannot perceive the critical nodes' sequence positions in the actual forwarding path, nor the presence of non-critical nodes in it. The path planner therefore cannot readily achieve fault tolerance by computing the vector commitment from the critical nodes' sequence positions in the actual forwarding path.

In view of this, in some embodiments of this application a critical node computes the forwarding proof from its sequence position in the expected forwarding path and verifies the forwarding proof using the vector commitment together with its sequence position in the expected forwarding path. The sequence position on which the vector commitment is computed is then consistent with the sequence position on which the forwarding proof is computed, which reduces the risk of interrupting service data transmission or raising an alarm because verification of the forwarding proof against the vector commitment fails.

(10) Sequence position of a critical node in the expected forwarding path

A critical node's sequence position in the expected forwarding path is also called the critical node's expected sequence position, expected order, or relative sequence position. It characterizes the ordering relationship between that critical node and the other critical nodes in the expected forwarding path (for example, the first critical node). It also characterizes the order in which that critical node forwards data packets relative to the other critical nodes in the expected forwarding path. For example, the smaller a critical node's sequence position in the expected forwarding path, the closer it is to the first critical node of the expected forwarding path and the earlier it forwards data packets relative to the other critical nodes. Conversely, the larger a critical node's sequence position in the expected forwarding path, the closer it is to the last forwarding node of the expected forwarding path and the later it forwards data packets relative to the other forwarding nodes.

In some embodiments, the sequence position in the expected forwarding path takes the form of a sequence number (also called a serial number); below, a sequence number representing a sequence position in the expected forwarding path is called an expected sequence number for short. For example, the expected sequence number is a positive integer. For example, expected sequence numbers are assigned in ascending order from first to last. For instance, for an expected forwarding path passing through N critical nodes, the expected sequence number of the first critical node is 1, that of the second critical node is 2, and so on; each critical node's expected sequence number is 1 greater than that of the previous critical node, and the expected sequence number of the N-th critical node is N.

For example, referring to Figure 1, "A-1" in Figure 1 indicates that the sequence position (expected sequence number) of critical node A in the expected forwarding path is 1, "B-2" indicates that the sequence position (expected sequence number) of forwarding node B in the expected forwarding path is 2, and "C-3" indicates that the sequence position (expected sequence number) of forwarding node C in the expected forwarding path is 3. In other words, the order in which the controller, at the path planning stage, plans the three forwarding nodes to forward the data packet is: critical node A forwards the data packet first, forwarding node B second, and forwarding node C third.

Alternatively, the expected sequence numbers of the forwarding nodes represent the order from first to last in descending order. The larger the expected sequence number of forwarding node_i, the closer forwarding node_i's sequence position is to the first forwarding node of the expected forwarding path and the earlier forwarding node_i forwards the data packet relative to the other forwarding nodes.

Of course, the sequence position of forwarding node_i in the expected forwarding path need not be numerically equal to the expected sequence number of forwarding node_i; the sequence position of forwarding node_i in the expected forwarding path may also be derived from its expected sequence number by a formula or a lookup table. Alternatively, the sequence position in the expected forwarding path may take a data form other than a sequence number. Any data capable of representing the ordering relationship among critical nodes can serve as the sequence position in the expected forwarding path; this embodiment does not limit the data form the sequence position in the expected forwarding path takes.

In some embodiments, the sequence positions in the expected forwarding path are determined by the path planner at the path planning stage. For example, the path planner assigns a sequence position to each critical node according to the path planning requirements, to characterize the order in which the critical nodes forward the data packet.

As for the use of the sequence position in the expected forwarding path, in some embodiments of this application it is used to determine the vector commitment, to compute the forwarding proof, and to verify the forwarding proof. For example, both the control plane, when determining the vector commitment, and the forwarding plane, when computing the forwarding proof, use each critical node's sequence position in the expected forwarding path. The specific way the sequence position in the expected forwarding path is used is described in the method embodiments below.

(11) Sequence position in the actual forwarding path

The sequence position in the actual forwarding path characterizes the ordering relationship among the nodes traversed by the actual forwarding path. A forwarding node's sequence position in the actual forwarding path is also called its actual sequence position or true sequence position.

In some embodiments, the sequence position in the actual forwarding path takes the form of a sequence number (also called a serial number); below, a sequence number representing a sequence position in the actual forwarding path is called an actual sequence number for short. For example, the actual sequence number is a positive integer. For example, actual sequence numbers are assigned in ascending order from first to last. For instance, for an actual forwarding path passing through n forwarding nodes (critical and non-critical), the actual sequence number of the first forwarding node is 1, that of the second forwarding node is 2, and so on; each forwarding node's actual sequence number is 1 greater than that of the previous forwarding node, and the actual sequence number of the n-th forwarding node is n.

As for the use of the sequence position in the actual forwarding path, in some embodiments of this application it is used to achieve the recordability of non-critical nodes. For example, a forwarding node adds its sequence position in the actual forwarding path to the data packet, so that the data packet carries sequence positions in the actual forwarding path as it is forwarded. In some embodiments of this application, the sequence position in the actual forwarding path is used neither to determine the vector commitment, nor to compute the forwarding proof, nor to verify the forwarding proof. This avoids the following failure: when the sequence position in the actual forwarding path is inconsistent with the sequence position in the expected forwarding path, a forwarding proof computed from the actual sequence position would not match a vector commitment computed from the expected sequence position, so the forwarding proof would fail verification and the transmission would fail. Keeping the actual sequence position out of these computations is what achieves fault tolerance with respect to non-critical nodes. Of course, where fault tolerance with respect to non-critical nodes is not required, the sequence position in the actual forwarding path can also be used to determine the vector commitment, to compute the forwarding proof, and to verify the forwarding proof.

In some embodiments of determining the sequence position in the actual forwarding path, in a scenario applied to an Internet Protocol version 4 (IPv4) network, the sequence position in the actual forwarding path is determined from the TTL. As an example, the data packet includes an IPv4 header, and the IPv4 header includes a time to live (TTL) field. Forwarding node_i reads the TTL value and derives from it its position i on the forwarding path. If the initial TTL value is k, then, since the TTL value decreases by 1 at each node traversed, when forwarding node_i receives a data packet and finds that the TTL value it carries is n-i, node_i determines that it is the i-th node in the forwarding path. As an example, when the first forwarding node in the forwarding path receives the data packet, it finds that the TTL in the data packet is 255 and determines that its sequence position in the actual forwarding path is 256-255=1; it then updates the TTL in the data packet from 255 to 254 and forwards the packet to the second forwarding node. When the second forwarding node receives the data packet, it finds that the TTL in the data packet is 254 and determines that its sequence position in the actual forwarding path is 256-254=2; it updates the TTL from 254 to 253 and forwards the packet to the third forwarding node. When the third forwarding node receives the data packet, it finds that the TTL in the data packet is 253 and determines that its sequence position in the actual forwarding path is 256-253=3, and so on.

In some embodiments of determining the sequence position in the actual forwarding path, in a scenario applied to an IPv6 network, the sequence position in the actual forwarding path is determined from the hop limit. As an example, the data packet includes an IPv6 header, and the IPv6 header includes a hop limit field. Forwarding node_i reads the hop limit value and derives from it its position i on the forwarding path. If the initial hop limit value is k, then, since the hop limit value decreases by 1 at each node traversed, when forwarding node_i receives a data packet and finds that the hop limit value it carries is n-i, node_i determines that it is the i-th node in the forwarding path. As an example, when the first forwarding node in the forwarding path receives the data packet, it finds that the hop limit in the data packet is 255 and determines that its sequence position in the actual forwarding path is 256-255=1; it then updates the hop limit in the data packet from 255 to 254 and forwards the packet to the second forwarding node. When the second forwarding node receives the data packet, it finds that the hop limit in the data packet is 254 and determines that its sequence position in the actual forwarding path is 256-254=2; it updates the hop limit from 254 to 253 and forwards the packet to the third forwarding node. When the third forwarding node receives the data packet, it finds that the hop limit in the data packet is 253 and determines that its sequence position in the actual forwarding path is 256-253=3, and so on.

In some embodiments of determining the sequence position in the actual forwarding path, in a scenario applied to SFC, the sequence position in the actual forwarding path is determined from the service index (SI). The service index (SI) is a field in the network service header (NSH). The SI ranges from 255 down to 0 and is decremented by 1 at each node the data packet passes through; after a forwarding node reads the SI value from the NSH, it can take 256-SI as its sequence position in the actual forwarding path.

(12) Difference between the sequence position in the expected forwarding path and the sequence position in the actual forwarding path

The sequence position of forwarding node_i in the expected forwarding path may be the same as or different from the sequence position of forwarding node_i in the actual forwarding path. Whether the sequence position of forwarding node_i in the actual forwarding path is the same as its sequence position in the expected forwarding path depends mainly on whether non-critical nodes are present in the actual forwarding path.

In some scenarios, the actual forwarding path passes through one or more non-critical nodes that the path planner did not arrange into the expected forwarding path, so a forwarding node's sequence position in the actual forwarding path deviates from its sequence position in the expected forwarding path. The deviation between a forwarding node's sequence position in the actual forwarding path and its sequence position in the expected forwarding path represents the number of non-critical nodes upstream of that critical node in the actual forwarding path.

For example, referring to (a) in Figure 1, the sequence position of forwarding node B in the expected forwarding path is 2. Because forwarding node a and forwarding node b lie upstream of forwarding node B in the actual forwarding path, and neither was arranged into the forwarding path by the path planner, the sequence position of forwarding node B in the actual forwarding path is 4. The sequence position of forwarding node B in the actual forwarding path (4) differs from its sequence position in the expected forwarding path (2) by 4-2=2, and 2 is the number of non-critical nodes (forwarding node a and forwarding node b) upstream of forwarding node B. As another example, the sequence position of forwarding node C in the expected forwarding path is 3. Because forwarding node a, forwarding node b and forwarding node c lie upstream of forwarding node C in the actual forwarding path, and none of them was arranged into the forwarding path by the path planner, the sequence position of forwarding node C in the actual forwarding path is 6. The sequence position of forwarding node C in the actual forwarding path (6) differs from its sequence position in the expected forwarding path (3) by 6-3=3, and 3 is the number of non-critical nodes (forwarding node a, forwarding node b and forwarding node c) upstream of forwarding node C.

Because non-critical nodes may be inserted between critical nodes in the actual forwarding path, two critical nodes whose sequence positions are consecutive in the expected forwarding path may have non-consecutive sequence positions in the actual forwarding path. For example, the expected forwarding path includes a first forwarding node and a second forwarding node that are adjacent. The sequence positions of the first forwarding node and the second forwarding node in the expected forwarding path are consecutive (for example, they differ by 1). Because one or more non-critical nodes lie between the first forwarding node and the second forwarding node in the actual forwarding path, their sequence positions in the actual forwarding path are not consecutive, and the deviation between the sequence positions of the first forwarding node and the second forwarding node in the actual forwarding path represents the number of non-critical nodes between them.

For example, referring to (a) in Figure 1, the sequence positions of critical node A and forwarding node B in the expected forwarding path are 1 and 2 respectively, so they are consecutive. Because 2 non-critical nodes (node a and node b) are inserted between critical node A and forwarding node B in the actual forwarding path, their sequence positions in the actual forwarding path are 1 and 4 respectively, which are not consecutive; the deviation between the sequence positions of critical node A and forwarding node B in the actual forwarding path represents the number of non-critical nodes between critical node A and forwarding node B.

As another example, the sequence positions of forwarding node B and forwarding node C in the expected forwarding path are 2 and 3 respectively, so they are consecutive. Because 1 non-critical node (node c) is inserted between forwarding node B and forwarding node C in the actual forwarding path, their sequence positions in the actual forwarding path are 4 and 6 respectively, which are not consecutive; the deviation between the sequence positions of forwarding node B and forwarding node C in the actual forwarding path represents the number of non-critical nodes between forwarding node B and forwarding node C.

In some embodiments, the order of at least two critical nodes in the expected forwarding path is the same as the order of those critical nodes in the actual forwarding path, while the sequence positions of the at least two critical nodes in the expected forwarding path differ from their sequence positions in the actual forwarding path. In other words, the relative order of the critical nodes is not disturbed, but non-critical nodes are inserted between them. As a specific example, referring to (a) in Figure 1, the order of critical node A, forwarding node B and forwarding node C in the expected forwarding path is: first critical node A, then forwarding node B, and finally forwarding node C. Referring to (b) in Figure 1, the order of critical node A, forwarding node B and forwarding node C in the actual forwarding path is likewise: first critical node A, then forwarding node B, and finally forwarding node C. However, the sequence position of forwarding node B in the expected forwarding path (2) differs from its sequence position in the actual forwarding path (4), and the sequence position of forwarding node C in the expected forwarding path (3) differs from its sequence position in the actual forwarding path (6).

(13) Recordability of non-critical nodes

The recordability of non-critical nodes is one of the technical effects the embodiments of this application aim to achieve. It refers to the ability, when a data packet passes through non-critical nodes during forwarding, to record that the data packet passed through those non-critical nodes. In some embodiments, recordability of non-critical nodes is achieved by recording the sequence positions of the critical nodes in the actual forwarding path. For example, if the recorded sequence positions of two adjacent critical nodes in the actual forwarding path are not consecutive, it is determined that non-critical nodes exist between the two critical nodes, and the number of non-critical nodes between them is determined from the difference between their recorded sequence positions in the actual forwarding path. For example, if the difference between the recorded sequence positions of two adjacent critical nodes in the actual forwarding path is k, it is determined that (k-1) non-critical nodes lie between the two critical nodes.

Where non-critical nodes are recorded can be implemented in several ways. In some embodiments, a critical node, while forwarding the data packet, adds to the data packet a list of the critical nodes' sequence positions in the actual forwarding path, thereby achieving recordability of non-critical nodes. In other embodiments, the critical node achieves recordability of non-critical nodes by sending a packet, separate from the data packet, that carries the list of the critical nodes' sequence positions in the actual forwarding path. In still other embodiments, the critical node stores the list of the critical nodes' sequence positions in the actual forwarding path in a locally kept log record.

例如,请参考附图1中,关键节点A、关键节点B和关键节点C是三个相邻的关键节点。关键节点A向数据报文中添加本节点在实际转发路径的顺序位置是1;关键节点B在数据报文中添加本节点在实际转发路径中的顺序位置是4;关键节点B基于本节点与上一个关键节点(关键节点A)在实际转发路径中的顺序位置之差为4-1=3,确定本节点与上一个关键节点之间存在2个非关键节点。关键节点C在数据报文中添加本节点在实际转发路径中的顺序位置是6;关键节点C基于本节点与上一个关键节点(关键节点B)在实际转发路径中的顺序位置之差为6-4=2,确定本节点与上一个关键节点之间存在1个非关键节点。For example, please refer to Figure 1, where key node A, key node B and key node C are three adjacent key nodes. Key node A adds the sequence position of this node in the actual forwarding path to the data message as 1; key node B adds the sequence position of this node in the actual forwarding path to the data message as 4; key node B determines that there are 2 non-key nodes between this node and the previous key node (key node A) based on the difference in sequence position between this node and the previous key node (key node A) in the actual forwarding path being 4-1=3. Key node C adds the sequence position of this node in the actual forwarding path to the data message as 6; key node C determines that there is 1 non-key node between this node and the previous key node based on the difference in sequence position between this node and the previous key node (key node B) in the actual forwarding path being 6-4=2.

(14) Vector commitment

For ease of understanding, the general cryptographic definition of a "vector commitment" is explained first, and the term is then explained further in the context of the trusted-path application scenario of the embodiments of this application.

A vector commitment is a piece of data obtained by cryptographic means. It is used to prove the correctness of both the value and the position of each item in an ordered collection of information (for example a vector, array or list with at least two elements), while keeping the information hidden: the original content normally does not need to be exposed. Specifically, a vector commitment allows every item of an ordered collection to be committed to and a corresponding proof to be generated, which other parties can verify to confirm the integrity of the ordered collection. Vector commitments are commonly used in zero-knowledge proofs. A vector commitment scheme consists of three main stages: commit, open and verify.

The commit stage is the stage in which the vector commitment is computed. For example, entity A secretly chooses, in one go, N ordered items M = (m_1, m_2, ..., m_N), computes a commitment from M and publishes the commitment. The commitment encodes M together with the order of the N items within M, but outsiders can infer from the commitment neither the plaintext of the N items nor the position each item occupies. Once the commitment to M has been computed, entity A normally can no longer modify M. The vector commitment is computed by a commit function.

The open stage is the stage in which a proof is computed. The proof serves to prove the item at a specific position. Specifically, entity A computes an opening proof (OP) and publishes it, thereby proving that the item originally committed at position i is m_i. The proof is computed by an open function. Open functions include a single-point open function (open) and a batch open function (batchopen).

The single-point open function means that entity A computes a single-point opening proof (OP) for one position i; the single-point opening proof proves that the item at position i is m_i.

The batch open function means that entity A computes, in one go, a multi-point opening proof (multi proof, MP). The multi proof proves that several items m_i form the set B, with each m_i at its own position i. With a multi proof, the items at several positions can be verified at once. Computing a multi proof is usually more complex than computing a single-point proof; one method for computing it is described at the following link.

[https://github.com/khovratovich/Kate/blob/66aae66cd4e99db3182025c27f02e147dfa0c034/Kate_amortized.pdf][KZG].

The verify stage is the stage in which the proof is verified. For example, a verifier uses the commitment and the opening proof to verify that what entity A originally committed to or chose is indeed the information M. Verification is performed by a verify function. Verification includes single-point verification and batch verification (batch verify).

In single-point verification, for a single-point opening proof OP_i, the verifier uses the commitment, OP_i and the corresponding m_i to check whether the item at position i is consistent with what the single-point opening proof claims.

In batch verification, for a multi-point opening proof, the verifier uses the commitment C, the multi-point opening proof MP_B and the set B to check whether the items at several positions are consistent with what the opening proof claims.

For a more detailed explanation of vector commitments, see the paper "Constant-Size Commitments to Polynomials and Their Applications". The algorithms actually defined in that paper include, but are not limited to, setup, commit, open, create witness, verifyeval, create witness batch and verify eval batch.

In the application scenario of the embodiments of this application, the vector commitment is used to prove the correctness of the identity information and the sequential positions of the forwarding nodes in the actual forwarding path. For example, the path planner plays the role of entity A in the vector commitment scheme; the information M represents the trusted path (expected forwarding path) P = (r_1, r_2, ..., r_i, ..., r_N); the item m_i in M represents the identity information r_i of key node i, where i is the expected sequence number of that key node in the expected forwarding path; the set B represents a segment of the trusted path (expected forwarding path); and the proof of the vector commitment is specifically the forwarding proof. The most important property of a vector commitment is order preservation: the item m_i that is committed to and opened must be bound to its position i.

The embodiments of this application involve the application of vector commitments both in device-level path verification and in AS-level path verification. To distinguish them, "first vector commitment" or "device-level vector commitment" denotes the vector commitment used in device-level path verification, and "second vector commitment" or "AS-level vector commitment" denotes the vector commitment used in AS-level path verification. The device-level vector commitment is obtained, for example, from the identity information of each forwarding node in the expected forwarding path and the order of those forwarding nodes in the path. The AS-level vector commitment is obtained, for example, from the identity information of each AS traversed by the expected forwarding path and the order in which those ASs are traversed.

(15) KZG polynomial commitment

The KZG polynomial commitment is a concrete construction of a vector commitment with favorable properties. A polynomial commitment commits in one go to N points (for example N pieces of identity information) on a polynomial curve, and proves and verifies in constant time that one or all N of those points lie on the polynomial; both the size of the commitment and the size of each forwarding proof are constant, O(1). In a polynomial commitment, each item m_i is stored in point form (x_i, y_i); that is, M is converted into <(x_1, y_1), (x_2, y_2), ..., (x_N, y_N)> with x_i = i and y_i = m_i. Here x_i represents the position of the forwarding node (for example x_i is an index, usually an integer 1, 2, 3, ..., i.e. x_i = i) and y_i represents the identity information of the forwarding node. With a KZG polynomial commitment, the time for entity A to commit to N items at once, the time for others to compute a single or multiple opening proofs, and the time for others to verify N items at once are all sublinear (in fact constant).
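The polynomial algebra behind a KZG opening, as an added example that is not part of the patent: the expected path (r_1, ..., r_N) becomes the points (i, r_i), the committed object is the interpolating polynomial p(x), and the witness for position i is the quotient q(x) = (p(x) - y) / (x - i), which exists only if p(i) = y. Everything runs over a plain prime field; the elliptic-curve encoding and pairing check that give real KZG its hiding and constant-size properties are deliberately omitted, so here the "commitment" is the polynomial itself. The field modulus and the SID-like identity strings are constructed for the demonstration.

```python
import hashlib

FIELD = 2**61 - 1  # constructed demo modulus (a Mersenne prime)


def _poly_mul(a, b):
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % FIELD
    return out


def _poly_add(a, b):
    n = max(len(a), len(b))
    a, b = a + [0] * (n - len(a)), b + [0] * (n - len(b))
    return [(x + y) % FIELD for x, y in zip(a, b)]


def identity_to_field(identity: str) -> int:
    """Map an identity string (SID, router ID, ...) to a field element y_i."""
    digest = hashlib.sha256(identity.encode()).digest()
    return int.from_bytes(digest, "big") % FIELD


def commit(path):
    """Lagrange-interpolate the points (i, r_i), i = 1..N; coefficients are
    low-degree first. Because x_i is the position, swapping two identities
    yields a different polynomial: this is the order-preservation property."""
    points = [(i + 1, identity_to_field(r)) for i, r in enumerate(path)]
    coeffs = [0]
    for j, (xj, yj) in enumerate(points):
        basis, denom = [1], 1
        for k, (xk, _) in enumerate(points):
            if k != j:
                basis = _poly_mul(basis, [(-xk) % FIELD, 1])  # times (x - x_k)
                denom = denom * (xj - xk) % FIELD
        scale = yj * pow(denom, FIELD - 2, FIELD) % FIELD    # y_j / prod(x_j - x_k)
        coeffs = _poly_add(coeffs, [c * scale % FIELD for c in basis])
    return coeffs


def evaluate(coeffs, x):
    acc = 0
    for c in reversed(coeffs):  # Horner's rule
        acc = (acc * x + c) % FIELD
    return acc


def open_point(coeffs, i, identity):
    """Single-point opening: witness q(x) = (p(x) - y) / (x - i).
    Synthetic division is exact only when p(i) == y; otherwise no witness."""
    y = identity_to_field(identity)
    shifted = coeffs[:]
    shifted[0] = (shifted[0] - y) % FIELD
    n = len(shifted) - 1
    quotient, carry = [0] * n, 0
    for k in range(n, 0, -1):
        carry = (shifted[k] + i * carry) % FIELD
        quotient[k - 1] = carry
    remainder = (shifted[0] + i * carry) % FIELD
    return quotient if remainder == 0 else None


def verify_point(coeffs, i, identity, witness):
    """Algebraic form of the KZG check: q(x) * (x - i) + y == p(x).
    Real KZG evaluates this identity at a hidden point via a pairing."""
    if witness is None or len(witness) + 1 != len(coeffs):
        return False
    y = identity_to_field(identity)
    lhs = _poly_add(_poly_mul(witness, [(-i) % FIELD, 1]), [y])
    return lhs == coeffs
```

A verifier that holds the commitment, the position i and the claimed identity can check the witness; presenting r_B at position 1, or a different identity at position 2, produces no valid witness, which is exactly the binding between m_i and i that the text calls order preservation.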

(16) Forwarding proof

The embodiments of this application involve the application of forwarding proofs both in device-level path verification and in AS-level path verification. To distinguish them, "first forwarding proof" or "device-level forwarding proof" denotes the forwarding proof used in device-level path verification, and "second forwarding proof" or "AS-level forwarding proof" denotes the forwarding proof used in AS-level path verification. A node-level forwarding proof proves that a specific node forwarded the data packet at a specific sequential position in the forwarding path. An AS-level forwarding proof proves that a specific AS forwarded the data packet at a specific sequential position in the forwarding path. Forwarding proofs include single-point forwarding proofs (OP) and multi-point forwarding proofs (MP).

An OP is a forwarding proof relating to a single forwarding node, used to prove that one specific node forwarded the data packet at the specific sequential position in the forwarding path that corresponds to that node. Alternatively, an OP is a forwarding proof relating to a single AS, used to prove that one specific AS forwarded the data packet at the specific sequential position in the forwarding path that corresponds to that AS.

An MP (multi proof) is a forwarding proof relating to several forwarding nodes, used to prove that every node in a particular path segment forwarded the data packet at its corresponding sequential position. For example, for the expected forwarding path key node A → key node B → key node C → key node D, the OPs are the OP of key node A, the OP of key node B, the OP of key node C and the OP of key node D, and the MPs are the MP of path AB, the MP of path ABC and the MP of path ABCD. Alternatively, an MP is a forwarding proof relating to several ASs, used to prove that each of those ASs forwarded the data packet at its corresponding specific sequential position in the forwarding path.

The forwarding proof of the verified node includes a single-point forwarding proof and a multi-point forwarding proof; how each is obtained is illustrated by example below. In some embodiments, only one of the two methods is used.

Obtaining a single-point forwarding proof: the single-point forwarding proof of the verified node is obtained from the sequential position in the expected forwarding path of the single key node that is the verified node, and from that key node's identity information.

The single-point forwarding proof of the verified node proves that the verified node forwarded data packet A and that its sequential position is correct. Taking key node A as the verified node: key node A obtains forwarding proof A from its own identity information, its sequential position in the expected forwarding path and the cryptographic parameters. Forwarding proof A is a single-point forwarding proof and proves that key node A forwarded this data packet at its expected sequential position. Optionally, key node A obtains single-point forwarding proof A with the single-point open function: single-point forwarding proof A = open(i, r_i).

Obtaining a multi-point forwarding proof: the multi-point forwarding proof is obtained from the sequential positions in the expected forwarding path of at least two key nodes and from the identity information of those key nodes.

For example, the verified node obtains a first forwarding proof from its own sequential position in the expected forwarding path, its own identity information, the sequential position of a second forwarding node in the expected forwarding path and the identity information of the second forwarding node, where the identity information of the second forwarding node indicates that node's identity; the first forwarding proof proves that the verified node and the second forwarding node are each at their corresponding sequential position in the expected forwarding path.

Taking key node i as the verified node: for example, key node i obtains forwarding proof p_i from the identity information of each of key nodes 1 to i, the sequential position of each of key nodes 1 to i in the expected forwarding path and the cryptographic parameters. Forwarding proof p_i is a multi-point forwarding proof; it proves that key node 1 forwarded the data packet at sequential position 1, key node 2 forwarded it at sequential position 2, ..., and key node i forwarded it at sequential position i. Optionally, key node i obtains forwarding proof p_i with the batch open function: p_i = batchopen(r_1, ..., r_i).

For both single-point and multi-point forwarding proofs, the sequential positions used to compute and verify the proof are the positions in the expected forwarding path, not those in the actual forwarding path. Taking Figure 1 as an example, the positions of the three key nodes used to compute and verify the forwarding proof are the expected, consecutive positions 1, 2, 3, not the actual, non-consecutive positions 1, 4, 6. Because the positions in the actual forwarding path play no part in computing and verifying the forwarding proof, the risk of a transmission interruption that would arise if the proof were computed and verified from actual-path positions is reduced.
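The commit / open / batchopen / verify stages of (14), the OP and MP forwarding proofs just described, and the non-key-node counting from recorded actual positions in the Figure 1 discussion, worked through in one added example that is not the patent's own code. The patent names KZG as its construction; a Merkle-tree vector commitment is substituted here because it needs only a hash function, and it keeps the one property the text insists on, order preservation, by hashing the expected position into each leaf. Function names follow the text's terminology (the single-point open is called open_single to avoid shadowing Python's built-in open); the SID-like identities are constructed.

```python
import hashlib


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _leaf(pos: int, identity: str) -> bytes:
    # The 1-based expected position is hashed into the leaf: r_i presented at
    # any position j != i cannot reproduce the root (order preservation).
    return _h(b"leaf" + pos.to_bytes(4, "big") + identity.encode())


def _tree_size(n: int) -> int:
    size = 1
    while size < n:
        size *= 2
    return size


def _levels(path):
    level = [_leaf(i + 1, r) for i, r in enumerate(path)]
    level += [_h(b"pad")] * (_tree_size(len(path)) - len(level))
    levels = [level]
    while len(level) > 1:
        level = [_h(level[k] + level[k + 1]) for k in range(0, len(level), 2)]
        levels.append(level)
    return levels


def commit(path):
    """Path planner (entity A): commitment C to P = (r_1, ..., r_N)."""
    return _levels(path)[-1][0]


def batchopen(path, positions):
    """Multi-point opening (MP): the sibling hashes the verifier cannot
    recompute from the revealed leaves, in the order batch_verify reads them."""
    levels = _levels(path)
    known = {p - 1 for p in positions}
    proof = []
    for level in levels[:-1]:
        parents = set()
        for idx in sorted(known):
            if idx // 2 in parents:
                continue
            parents.add(idx // 2)
            if idx ^ 1 not in known:
                proof.append(level[idx ^ 1])
        known = parents
    return proof


def open_single(path, pos):
    """Single-point opening (OP_i) is batchopen for one position."""
    return batchopen(path, [pos])


def batch_verify(commitment, n, opened, proof):
    """opened maps expected position -> identity. The root is rebuilt from the
    revealed leaves plus the proof; a wrong identity, a wrong position or a
    proof of the wrong length each yield a mismatch."""
    size = _tree_size(n)
    nodes = {p - 1: _leaf(p, r) for p, r in opened.items()}
    if not nodes or any(not 0 <= idx < size for idx in nodes):
        return False
    cursor, width = 0, size
    while width > 1:
        parents = {}
        for idx in sorted(nodes):
            if idx // 2 in parents:
                continue
            if idx ^ 1 in nodes:
                sib = nodes[idx ^ 1]
            elif cursor < len(proof):
                sib, cursor = proof[cursor], cursor + 1
            else:
                return False
            left, right = (nodes[idx], sib) if idx % 2 == 0 else (sib, nodes[idx])
            parents[idx // 2] = _h(left + right)
        nodes, width = parents, width // 2
    return cursor == len(proof) and nodes[0] == commitment


def verify(commitment, n, pos, identity, proof):
    """Single-point verification of OP_i against commitment C."""
    return batch_verify(commitment, n, {pos: identity}, proof)


def non_key_nodes_between(actual_positions):
    """Recordability of non-key nodes: adjacent key nodes whose recorded
    actual positions differ by k have k - 1 non-key nodes between them."""
    gaps = []
    for a, b in zip(actual_positions, actual_positions[1:]):
        if b <= a:
            raise ValueError("recorded positions must strictly increase")
        gaps.append(b - a - 1)
    return gaps


EXPECTED_PATH = ["fd00:1::a", "fd00:1::b", "fd00:1::c"]  # constructed SIDs of key nodes A, B, C

if __name__ == "__main__":
    C = commit(EXPECTED_PATH)
    # OP_2 from key node B and MP_3 from key node C, both at expected positions.
    print(verify(C, 3, 2, "fd00:1::b", open_single(EXPECTED_PATH, 2)))  # True
    print(batch_verify(C, 3, dict(enumerate(EXPECTED_PATH, 1)), batchopen(EXPECTED_PATH, [1, 2, 3])))  # True
    # Presenting key node B at its actual Figure 1 position 4 instead of expected position 2 fails.
    print(verify(C, 3, 4, "fd00:1::b", open_single(EXPECTED_PATH, 2)))  # False
    print(non_key_nodes_between([1, 4, 6]))  # [2, 1]
```

The verifier needs only C, the expected path length, the revealed (position, identity) pairs and the proof; it never learns the unrevealed identities, and the actual positions 1, 4, 6 are used solely for counting non-key nodes, never in the proof itself, matching the separation the paragraph above describes.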

For brevity, later parts of the embodiments of this application sometimes write "OP" + underscore + position to denote the single-point forwarding proof computed by the node at a specific sequential position, and "MP" + underscore + position to denote the multi-point forwarding proof computed by the node at a specific sequential position. For example, OP_i denotes the single-point forwarding proof computed by the i-th key node in the actual forwarding path, and MP_i denotes the multi-point forwarding proof computed by the i-th key node on the forwarding path.

(17) Identity information of a forwarding node

The identity information of forwarding node_i indicates the identity of forwarding node_i; it is, for example, an identifier of forwarding node_i.

In some embodiments, the identity information of a forwarding node is publicly verifiable identity information. Computing and verifying forwarding proofs with publicly verifiable identity information makes the identity information easier to obtain and so reduces the complexity of computing and verifying forwarding proofs from it. In other possible implementations, the identity information of forwarding node_i is a publicly verifiable, unforgeable identity proof that only forwarding node_i can compute and that multiple parties can verify. Exemplarily, the identity information of forwarding node_i includes identity information encrypted with a key of forwarding node_i. Optionally, this is identity information encrypted with a symmetric key of forwarding node_i, or identity information encrypted with the private key of forwarding node_i. Because encrypted identity information is more secure and more private, using it to compute or verify forwarding proofs further improves the security and privacy of proof computation and verification.

Exemplarily, the identity information of forwarding node_i includes the address of forwarding node_i. The address used as identity information is optionally the IP address of forwarding node_i, for example its IPv4 address or its IPv6 address. Alternatively, the address used as identity information is the media access control (MAC) address of forwarding node_i.

Exemplarily, the identity information of forwarding node_i includes the segment ID (SID) of forwarding node_i. A SID is an identifier used in SRv6 (segment routing over IPv6) networks to define a function or instruction in the network; it has the form of a 128-bit IPv6 address. Using the SID as the identity information for computing and verifying forwarding proofs suits SRv6 scenarios particularly well: path binding is achieved while the SID already carried in the SRv6 encapsulation is reused, so no extra field has to be added to the packet to carry identity information, which simplifies the packet format and reduces transmission overhead.

Exemplarily, the identity information of forwarding node_i includes the MPLS label of forwarding node_i. An MPLS label is a short, fixed-length connection identifier used in place of IP forwarding in MPLS or SR-MPLS networks. Using the MPLS label as the identity information for computing and verifying forwarding proofs suits MPLS and SR-MPLS scenarios particularly well: path binding is achieved while the label already carried in the MPLS or SR-MPLS encapsulation is reused, so no extra field has to be added to the packet to carry identity information, which simplifies the packet format and reduces transmission overhead.

Exemplarily, the identity information of forwarding node_i includes the certificate of forwarding node_i. A certificate is a digital credential, i.e. an electronic document, that attests to the identity or authority of an entity. It is issued by a trusted third party such as a certificate authority (CA) and contains identity information (such as a public key) used to verify and identify the designated entity. Its content includes the public key, information about the certificate holder (such as name and organization) and the validity period of the certificate. Because the authenticity and integrity of a certificate can be verified, using it as the identity information for computing and verifying forwarding proofs helps reduce the risk arising from tampered, eavesdropped or spoofed identity information, further improving the security and trustworthiness of the forwarding proof.

Exemplarily, the identity information of forwarding node_i includes a key of forwarding node_i: for example its public key or, as another example, its private key.

Exemplarily, the identity information of forwarding node_i includes an access control token of forwarding node_i. An access control token is a digital credential used to verify access rights to protected resources; it contains the authorization information and access rights of the forwarding node, and it can be generated by an access control server and issued to the forwarding node. Because every forwarding node can verify the validity and the rights of the token, using it as the identity information for computing and verifying forwarding proofs reduces the risk of identity information being tampered with and of data leakage, further improving the security and trustworthiness of the forwarding proof.

Exemplarily, the identity information of forwarding node_i includes the router ID of forwarding node_i.

Exemplarily, the identity information of forwarding node_i includes the host name of forwarding node_i.

Exemplarily, the identity information of forwarding node_i includes the signature of forwarding node_i. For example, forwarding node_i encrypts its identity information with its private key to produce the signature of forwarding node_i. Using the signature of forwarding node_i as the identity information for computing and verifying forwarding proofs reduces the risk of identity information being tampered with and of data leakage, further improving the security and trustworthiness of the forwarding proof.

Exemplarily, the identity information of forwarding node_i includes a message authentication code (MAC) tag. A MAC tag is an authentication code used to verify the integrity and authenticity of a message; it is a fixed-length value obtained by a cryptographic computation over the message, which lowers the probability that the message is tampered with or forged in transit. For example, forwarding node_i computes a MAC tag over the message content with a key shared between forwarding node_i and the other forwarding nodes on the forwarding path, and uses the MAC tag as the identity information for computing and verifying forwarding proofs, further lowering the probability that the forwarding proof is tampered with or forged and enhancing its security and trustworthiness.

Exemplarily, the identity information of forwarding node_i includes a non-interactive zero-knowledge (NIZK) proof. Zero knowledge is a cryptographic technique for proving that a statement is true without revealing the information behind it: the prover shows the verifier a proof of some fact without disclosing any other information related to that fact. An example of a zero-knowledge proof used as identity information is the Schnorr proof, a NIZK proof protocol based on the discrete logarithm problem, proposed by Claus-Peter Schnorr. Using a NIZK proof as the identity information for computing and verifying forwarding proofs hides the real identity of the forwarding node, lowering the probability that it is leaked, while the NIZK proof used as identity information can still be verified; this further lowers the probability that the forwarding proof is tampered with or forged and enhances its security and trustworthiness.

示例性地,转发节点_i的身份信息包括Sigma协议证明。Sigma协议证明是一种基于零知识证明(zero-knowledge proof)的交互协议。它允许一个证明者在与验证者的交互中,证明某个语句为真,而不泄露关于该语句的真实信息。在Sigma协议证明中,证明者和验证者进行多轮的交互,以达到相互认证的目的。证明者试图向验证者证明一个陈述的真实性,而验证者希望确认该陈述的真实性,并相信证明者确实知道证明该陈述。但协议的特殊性质在于,证明者不能泄露陈述的真实信息给验证者,从而保护了证明者的隐私。Exemplarily, the identity information of the forwarding node _i includes the Sigma protocol proof. The Sigma protocol proof is an interactive protocol based on zero-knowledge proof. It allows a prover to prove that a statement is true in the interaction with the verifier without revealing the true information about the statement. In the Sigma protocol proof, the prover and the verifier interact in multiple rounds to achieve the purpose of mutual authentication. The prover tries to prove the authenticity of a statement to the verifier, while the verifier wants to confirm the authenticity of the statement and believes that the prover does know how to prove the statement. But the special nature of the protocol is that the prover cannot reveal the true information of the statement to the verifier, thereby protecting the privacy of the prover.
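As an added example (not code from the application), the following Python program shows the Schnorr proof of knowledge of a discrete logarithm described above, first as the three-move Sigma protocol (commitment, challenge, response) and then made non-interactive with the Fiat-Shamir transform. The challenge is also bound to a context string, here assumed to be a packet digest and the node's position, so that a proof cannot be replayed on another packet or position. The group generation, the context format and the function names are this example's own assumptions, and the parameter size is chosen for speed rather than production security.

```python
import hashlib
import secrets

# Added example: Schnorr identification as a Sigma protocol and as a Fiat-Shamir NIZK.
# Group parameters, context encoding and function names are this example's assumptions.

def is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin primality test, adequate for generating example parameters."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_group(bits: int = 128):
    """Schnorr group (p, q, g): safe prime p = 2q + 1, g generates the order-q subgroup.
    128 bits keeps the example fast; real deployments use 2048-bit or elliptic-curve groups."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            p = 2 * q + 1
            return p, q, pow(2, 2, p)   # 4 is a quadratic residue, hence of order q

def keygen(group):
    """Secret x and public y = g^x; y (or a credential over it) is what the verifier knows."""
    p, q, g = group
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)

# --- Sigma protocol (interactive): commitment, challenge, response -------------------

def sigma_commit(group):
    p, q, g = group
    k = secrets.randbelow(q - 1) + 1
    return k, pow(g, k, p)            # prover keeps k, sends t = g^k

def sigma_respond(group, x, k, c):
    return (k + c * x) % group[1]     # s = k + c*x mod q

def sigma_check(group, y, t, c, s):
    p, q, g = group
    if not (1 < y < p and 1 < t < p and 0 <= s < q):
        return False
    if pow(y, q, p) != 1 or pow(t, q, p) != 1:   # reject elements outside the subgroup
        return False
    return pow(g, s, p) == (t * pow(y, c, p)) % p

# --- Fiat-Shamir NIZK: challenge = H(params, y, t, context) --------------------------

def _challenge(group, y, t, context: bytes) -> int:
    h = hashlib.sha256()
    for v in (*group, y, t):
        b = v.to_bytes((v.bit_length() + 7) // 8, "big")
        h.update(len(b).to_bytes(2, "big") + b)   # length-prefixed to avoid ambiguity
    h.update(context)
    return int.from_bytes(h.digest(), "big") % group[1]

def prove(group, x, y, context: bytes):
    """Non-interactive proof of knowledge of x = log_g(y), bound to context."""
    k, t = sigma_commit(group)
    c = _challenge(group, y, t, context)
    return t, sigma_respond(group, x, k, c)

def verify(group, y, context: bytes, proof) -> bool:
    t, s = proof
    return sigma_check(group, y, t, _challenge(group, y, t, context), s)

if __name__ == "__main__":
    grp = generate_group()
    x, y = keygen(grp)
    ctx = b"sha256(packet)|position=3"            # constructed sample context
    pi = prove(grp, x, y, ctx)
    print("valid on the right context :", verify(grp, y, ctx, pi))
    print("replayed on another position:", verify(grp, y, b"sha256(packet)|position=4", pi))
```

The verifier learns only that the prover knows the discrete logarithm of y, not the value itself; binding the challenge to the packet digest and position is what stops a valid proof from being lifted off one packet and attached to another. The subgroup-membership checks in sigma_check are the usual guard against small-subgroup inputs.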

(18) segment list

The segment list is the information that indicates the expected forwarding path in the SRv6 scenario. It consists of a sequence of SIDs, each representing a node or link in the network. The segment list is stored in reverse order, that is, the SIDs are arranged from the tail node of the forwarding path back to key node 1: segment list[0] is the SID of the tail node, segment list[1] is the SID of the second-to-last node, and so on, with segment list[N] being the SID of key node 1.

(19) Time to live (TTL)

TTL is a field in the IPv4 header that limits how far, measured in hops, a datagram may travel in the network. TTL is an integer; each forwarding node that handles the datagram decrements it by 1, and when it reaches 0 the datagram is discarded and an ICMP Time Exceeded message is returned to the source node. TTL is the single byte (8 bits) at byte offset 8 (the ninth byte) of the IPv4 header.

(20) Hop limit

In IPv6, the equivalent of TTL is called the hop limit and is likewise carried in a field of the IPv6 header. It limits the number of hops a datagram may traverse in the network. The hop limit is the single byte (8 bits) at byte offset 7 (the eighth byte) of the IPv6 header.

(21) Autonomous system (AS)

An AS is a group of network devices that share a common routing policy and are managed by a single entity. Each AS in the Internet is assigned an autonomous system number (AS number) so that other network devices can locate the corresponding AS by that number. For brevity, the embodiments of this application write a specific AS as "AS" followed by a number, for example AS1.

(22) AS identity information

The identity information of an AS indicates the AS's identity. For example, it is the AS number or the secret value of the AS. The AS number (autonomous system number) is a positive integer; it was originally a 16-bit value in the range 1 to 65535, and 4-byte AS numbers (RFC 6793) extend the range up to 4294967295. Each AS has a unique AS number, which identifies it uniquely in the Internet. The secret value of an AS is ciphertext obtained by encrypting the AS number, for example with a key pre-provisioned on every forwarding device in the AS.

(23) Autonomous system path (AS_path)

AS_path is a path attribute of the BGP protocol and is normally carried in BGP protocol messages. It records the ASs traversed from the source AS to the destination AS: a sequence of AS numbers describing every AS that the BGP message passed through. A pair of adjacent ASs in the AS_path corresponds to two ASs with an upstream/downstream relationship on the forwarding path, so the AS_path determines the order of the ASs from the source AS to the destination AS. For example, a BGP message carrying the address prefix P1 and the AS_path [AS3 AS1 AS6] indicates that P1 originated in AS6, then passed through AS1, and finally reached AS3. From this AS_path it follows that, when forwarding data packets whose source address matches P1, the order of the three ASs is AS6 first, then AS1, and finally AS3. For the detailed definition, format and use of AS_path, see Section 4.3 "Path Attributes" of RFC 4271.

(24) AS list

The AS list contains the identity information of at least two ASs. For example, it contains the identity information of the AS in which each key node on the expected forwarding path is located. The AS list also indicates the expected forwarding order of those ASs: the order of the AS identity information in the list matches the expected forwarding order, so the position of an AS's identity information in the list gives the position of that AS among the ASs traversed by the expected forwarding path. Taking AS numbers as the identity information, the first AS number in the list identifies the first AS traversed by the expected forwarding path, the second AS number identifies the second AS, and so on.

The following describes, by way of example, an application scenario of the device-level path verification method and the corresponding method flow.

A feature of many source routing and centralized path computation technologies is that the source host or a centralized controller can itself specify a network path through a particular sequence of network devices or virtualized network functions; SR and SFC, for example, both support specifying the network path from the control plane. The challenge is that even when the source host or controller has specified a path on the control plane, it cannot know whether the data packet actually followed that path strictly on the forwarding plane (data plane). Network attacks such as route hijacking, route injection and traffic detour, or simply misconfigured network devices, can cause the actual forwarding path on the data plane to deviate from the expected forwarding path on the control plane.

Route hijacking means that an attacker hijacks and/or diverts network traffic to network devices or ASs under the attacker's control in order to eavesdrop on, tamper with or intercept it; it is also called prefix hijacking or Internet Protocol (IP) hijacking. Route injection means feeding forged routing information into routers or other network devices so that it propagates through the whole network; an attacker can thereby change the network's routing and redirect traffic onto a path under the attacker's control. Traffic detour means that an attacker tampers with device configuration so that traffic leaves its expected path and is redirected onto a path of the attacker's choosing.

In short, the problem that urgently needs solving is the mismatch between the expected forwarding path determined on the control plane and the actual forwarding path on the data plane; this mismatch strips SR, SFC and similar technologies of the path-specification advantage they claim.

The trusted path mechanism (also called the secure routing mechanism or path validation mechanism) was developed in response. It ensures that data packets can be forwarded hop by hop only along the forwarding path planned by the path planner, and it provides a publicly verifiable forwarding proof. A complete trusted path mechanism has two technical parts, a path locking mechanism and a path validation mechanism, which can also be viewed as cooperating protocols and methods at the control plane and data plane levels.

At present there is no strictly secure trusted path mechanism, either domestically or internationally; existing trusted path mechanisms all have security limitations to some degree.

For example, path locking can be implemented with a non-cryptographic traversal proof: key node 1 adds a field with an initial value to the header of the data packet, and each forwarding node the packet passes through appends its own identity information, so that the identity information of all forwarding nodes serves as the forwarding proof. Because such a proof has no strong binding to the position of the forwarding node on the path, it cannot provide position binding; for instance, it cannot ensure that only the node at position i on the forwarding path is able to generate the i-th proof. The proof is therefore of low credibility and is easily forged or altered. If the packet is not forwarded hop by hop along the specified path but skips nodes on it, or passes through additional unspecified nodes, the forwarding proof obtained can still pass verification with some probability, which shows that its credibility is insufficient. Moreover, even if the packet carries proofs from every node on the path, since the proofs are independent of the nodes' positions on the path, there is no guarantee that the data actually travelled along it; the traversal proof may, for example, have been appended by a device outside the forwarding path after forwarding completed. In other words, there is no strong binding between the forwarding proof and how the packet was actually forwarded, so a packet can be forwarded arbitrarily and then given a forged traversal proof, and the traversal proof obtained at the endpoint cannot be trusted.

As another example, path locking can be implemented with cryptographic traversal credentials: each forwarding node establishes a key pair with the controller, and each routing node uses cryptography to generate an identity-bound proof and passes it on. Although this somewhat improves resistance to forgery, the position of the forwarding node on the forwarding path is still not taken into account when the forwarding proof is obtained, so no position-bound forwarding proof can be generated, and the same problem as the non-cryptographic approach remains: the forwarding proof is decoupled from how the packet was actually forwarded. The packet can be forwarded arbitrarily and, in collusion with forwarding nodes, a forged traversal proof can be inserted at the tail node, so the traversal proof obtained from the tail node cannot be trusted, and there is no guarantee during transit that the packet was forwarded along the specified path.

In view of these problems, some embodiments of the present application provide a scheme based on forwarding proofs and vector commitments, which helps to realize the forwarding path locking mechanism and the forwarding path verification mechanism in a trusted network.

In some embodiments, a forwarding proof is obtained from the sequential position of the forwarding node on the actual forwarding path together with the node's identity information, and the proof is verified using the vector commitment, the node's actual sequential position on the path and its identity information. This gives the forwarding proof position binding: the proof depends not only on the forwarding node's identity but also on its position on the forwarding path, so the correct forwarding proof can only be computed by the correct node once the packet has been forwarded to the correct position on the path. The forwarding proof is thus strongly bound to how the packet was actually forwarded, and is publicly verifiable and hard to tamper with, which resolves the poor credibility of proofs that bear no relation to the forwarding node's position on the path. These embodiments help to strictly lock the expected forwarding path planned by the path planner and then verify whether the actual forwarding of the packet corresponds strictly to that expected path.

Although the embodiments above achieve absolute order preservation, the strictness of their path verification may be excessive. They require every forwarding node on the actual forwarding path to support computing forwarding proofs, and tolerate no node of any kind that forwards the packet without computing a proof. In IP networks, however, there are large numbers of low-capability or obsolete network devices, and third-party devices that do not support the function. Such forwarding nodes are not necessarily malicious, but they do not cooperate in computing forwarding proofs; this embodiment calls them non-key nodes. For compatibility and availability these non-key nodes must be tolerated, for example by allowing non-key nodes to be inserted between key nodes, or a transparent tunnel to exist between key nodes, without transmission being interrupted by passing through them. Making the forwarding path locking mechanism and the forwarding path verification mechanism tolerant of non-key nodes is the principal effect of this embodiment.

Optionally, making the forwarding path locking and verification mechanisms able to record non-key nodes is a further effect this embodiment aims at. The technical means corresponding to the several effects the embodiments of this application are intended to achieve are explained separately below.

Technical effect 1: Forwarding path locking

In some embodiments, key-path binding is achieved with the cryptographic technique of vector commitments, whose order-preserving property is used to obtain technical effect 1. In the commitment stage, the path controller computes a vector commitment with the commitment function of the vector commitment scheme, from the sequential position and identity information of every key node on the expected forwarding path. In the opening stage, each key node, as it receives the data packet in turn, computes its forwarding proof with the scheme's opening function from its own sequential position and identity information. A key node or a verification node then verifies a forwarding proof with the scheme's verification function, using the vector commitment together with the key node's sequential position and identity information.

In some embodiments, each key node, on receiving the packet in turn, uses the single-point opening function to obtain a forwarding proof OP concerning that single key node and publishes it; a key node or an external verification node verifies OP with the single-point verification function, thereby checking whether the actual order of that key node matches its expected order. In another possible implementation, each key node uses the multi-point opening function to obtain a forwarding proof MP concerning several key nodes, and MP is verified with the batch verification function, thereby checking in one step whether the order of those key nodes matches their expected order.

Technical effect 2: Source correctness

Source correctness means verifying that the source of a data packet is correct. It comprises previous-hop correctness and first-half-path correctness.

Previous-hop correctness: when key node i receives data packet_i, it verifies, using the vector commitment, the forwarding proof of the previous hop i-1 carried in packet_i. If that proof fails verification, the previous hop of the packet is determined to be incorrect; if it passes, the previous hop is determined to be correct.

First-half-path correctness: when key node i receives data packet_i, it verifies, using the vector commitment, the forwarding proofs from the first node up to the previous hop i-1 carried in packet_i. If they fail verification, the first half of the packet's path is determined to be incorrect; if they pass, it is determined to be correct.

The following gives examples of how source correctness is implemented.

Previous-hop correctness is verified by checking a single-point forwarding proof (OP) against the position information and identity information of a single key node. For example, the packet received by key node i carries the single-point forwarding proof of key node_k, and key node i verifies it using the vector commitment, key node_k's identity information and key node_k's position information. Key node_k is upstream of key node i on the forwarding path, and its single-point forwarding proof proves that node_k forwarded the packet at position k on the path; it was obtained from position k and key node_k's identity information, where k is a positive integer less than or equal to i.

Optionally, a key node verifies the single-point forwarding proof of its previous-hop node, thereby checking the correctness of the previous hop. For example, the packet received by key node i carries the single-point forwarding proof generated by its previous-hop node (node_i-1), which proves that node_i-1 forwarded the packet at position i-1 on the path. Key node i verifies that proof using the vector commitment, node_i-1's identity information and node_i-1's position information. In the same way, every hop is responsible for verifying the single-point forwarding proof of the hop before it.

First-half-path correctness is verified by checking a multi-point forwarding proof (MP) against the position information and identity information of at least two key nodes. For example, the packet received by key node i carries a multi-point forwarding proof concerning key node_k and key node_m, and key node i verifies it using the vector commitment, key node_k's identity and position information and key node_m's identity and position information. Key node_k is upstream of key node i on the forwarding path and key node_m is upstream of key node_k; the multi-point forwarding proof proves that key node_k forwarded the packet at position k and key node_m forwarded it at position m. It was obtained from position k, key node_k's identity information, position m and key node_m's identity information, where k is a positive integer less than or equal to i and m is a positive integer less than or equal to k.

Optionally, verification of the forwarding proof carried by a data packet is triggered by the packet containing a trusted path identifier. For example, after a key node receives a packet, it verifies the forwarding proof the packet carries if it determines that the packet header contains a trusted path identifier.

Optionally, the key node first verifies the forwarding proof carried by the packet; only if that verification passes does it compute and publish its own forwarding proof. If the carried proof fails verification, the key node need not compute a forwarding proof and may, for example, simply discard the packet.
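As an added example (not code from the application), the following Python program implements the commit / open / verify flow of technical effects 1 and 2 with a Merkle-tree vector commitment, a simpler construction than the KZG commitment the text prefers. Each leaf binds an identity to its position, so a single-point opening (OP) verifies only for the committed identity at that position, and a multi-point check (MP) verifies a prefix of the path in one call. simulate() plays a packet along an actual route, with each key node performing the previous-hop and first-half-path checks and discarding the packet on failure before adding its own opening. The identities, the route encoding and the function names are this example's assumptions; unlike KZG, a Merkle opening grows logarithmically with the path length.

```python
import hashlib
from typing import List, Tuple

# Added example: position-bound vector commitment (Merkle construction) used as a
# forwarding-proof scheme. Identities and routes below are constructed sample data.

Opening = Tuple[int, bytes, List[bytes]]   # (position, identity, sibling path)

def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def _leaf(position: int, identity: bytes) -> bytes:
    # The leaf commits to (position, identity) together: this is what gives position binding.
    return _h(b"leaf", position.to_bytes(4, "big"), identity)

def _node(left: bytes, right: bytes) -> bytes:
    return _h(b"node", left, right)

def build_tree(identities: List[bytes]) -> List[List[bytes]]:
    """Layers of the Merkle tree over position-bound leaves, padded to a power of two."""
    leaves = [_leaf(i + 1, ident) for i, ident in enumerate(identities)]
    size = 1
    while size < len(leaves):
        size *= 2
    leaves += [_h(b"pad")] * (size - len(leaves))
    layers = [leaves]
    while len(layers[-1]) > 1:
        prev = layers[-1]
        layers.append([_node(prev[j], prev[j + 1]) for j in range(0, len(prev), 2)])
    return layers

def commit(identities: List[bytes]) -> bytes:
    """Commitment stage (path controller): one root for the whole expected path."""
    return build_tree(identities)[-1][0]

def open_single(identities: List[bytes], position: int) -> List[bytes]:
    """Opening stage: single-point proof (OP) for the key node at 1-based position."""
    layers = build_tree(identities)
    idx, path = position - 1, []
    for layer in layers[:-1]:
        path.append(layer[idx ^ 1])   # sibling at this level
        idx //= 2
    return path

def verify_single(commitment: bytes, position: int, identity: bytes, path: List[bytes]) -> bool:
    """Verification stage: does (position, identity) open the commitment?"""
    node, idx = _leaf(position, identity), position - 1
    for sib in path:
        node = _node(sib, node) if idx & 1 else _node(node, sib)
        idx //= 2
    return node == commitment

def verify_multi(commitment: bytes, openings: List[Opening]) -> bool:
    """Batch check (MP) over several openings, e.g. positions 1..i-1 of the path."""
    return all(verify_single(commitment, pos, ident, path) for pos, ident, path in openings)

def simulate(expected: List[bytes], actual_route: List[Tuple[int, bytes]]) -> bool:
    """Play a packet along actual_route = [(claimed position, identity), ...].
    Each key node verifies the openings already in the packet (previous-hop and
    first-half-path correctness), then appends its own OP.  In a deployment the
    controller distributes each node's opening; here it is recomputed from the tree."""
    c = commit(expected)
    carried: List[Opening] = []
    for claimed_pos, ident in actual_route:
        if not 1 <= claimed_pos <= len(expected):
            return False
        if claimed_pos > 1:
            # previous-hop correctness: newest OP must be for position claimed_pos - 1
            if not carried or carried[-1][0] != claimed_pos - 1:
                return False
            if not verify_single(c, *carried[-1]):
                return False
            # first-half-path correctness: every OP from position 1 to claimed_pos - 1
            if not verify_multi(c, carried):
                return False
        carried.append((claimed_pos, ident, open_single(expected, claimed_pos)))
    # tail / external verification node: the full path must open the commitment in order
    positions = [pos for pos, _, _ in carried]
    return positions == list(range(1, len(expected) + 1)) and verify_multi(c, carried)

if __name__ == "__main__":
    path = [b"router-1", b"router-2", b"router-3", b"router-4"]   # constructed sample path
    r1, r2, r3, r4 = path
    print("expected route   :", simulate(path, [(1, r1), (2, r2), (3, r3), (4, r4)]))
    print("node 2 skipped   :", simulate(path, [(1, r1), (3, r3), (4, r4)]))
    print("impostor at 2    :", simulate(path, [(1, r1), (2, b"rogue"), (3, r3), (4, r4)]))
    print("router-3 at pos 2:", simulate(path, [(1, r1), (2, r3), (3, r3), (4, r4)]))
```

The three failing cases correspond to the weaknesses the text attributes to position-free proofs: a skipped node breaks the previous-hop check, an impostor at a committed position cannot open the commitment, and a legitimate node presenting itself at the wrong position fails because the leaf ties identity to position. Only the leaf and node hashing would change to move to a KZG-based commitment; the per-hop checks stay the same.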

技术效果3:计算高效性和通讯(空间)高效性Technical Effect 3: Computational Efficiency and Communication (Space) Efficiency

计算高效性和通讯(空间)高效性是指在满足安全的条件下,减少证明的计算时间和证明的验证时间,减少需要传递的额外证明和/或参数的数据量。本申请实施例实现证明的计算时间和证明的验证时间均为常数级别的时间,额外证明的数据量为常数级别的数据量,与转发路径包含的节点个数N无关。Computational efficiency and communication (space) efficiency refer to reducing the computation time of proof and the verification time of proof, and reducing the amount of data of additional proofs and/or parameters that need to be transmitted, while meeting security conditions. The computation time and verification time of proofs implemented in the embodiment of the present application are both constant-level time, and the amount of data of additional proofs is constant-level data, which is independent of the number of nodes N included in the forwarding path.

The vector commitment mechanism is a general term for a class of techniques, and vector commitments can be built from a variety of specific constructions. Optionally, a KZG polynomial commitment (Kate-Zaverucha-Goldberg polynomial commitment) is used to obtain and verify commitments based on the identity information and location information of the forwarding nodes. This further reduces the time needed to obtain a commitment, improves the efficiency of obtaining commitments, and avoids superlinear growth of the forwarding proof verification time as the number of nodes in the forwarding path increases, keeping the verification time of the forwarding proof as short as possible.

Commitments are obtained and verified using KZG polynomial commitments. Because a KZG polynomial commitment has constant-time computational complexity for computing the commitment and the opening proof, almost independent of the number N of committed values, the time required for commitment computation and opening-proof computation stays constant no matter how much the number of committed values grows. This yields constant-time proof computation and verification and a constant-size additional proof, independent of the number of nodes N in the path. In other words, the time needed to obtain the commitment, the time needed to verify the commitment and the size of the forwarding proof all remain constant and do not grow with the length of the forwarding path. Even in complex networks where the forwarding path includes a very large number of nodes, commitments can still be obtained and verified quickly, which greatly improves the efficiency of obtaining and verifying commitments.

The implementation details of KZG polynomial commitments are described in the embodiments. KZG polynomial commitment is only one possible way to obtain a vector commitment; it achieves forwarding proof and position binding and has the additional advantage of high efficiency. Vector commitments obtained in other ways can also achieve forwarding proof and position binding.

In some other possible implementations, a fast Reed-Solomon interactive (FRI) commitment is used to obtain and verify commitments based on the identity information and location information of the forwarding nodes. An FRI commitment is a commitment mechanism used in interactive proof systems to verify the integrity of polynomials. It can quickly verify whether a polynomial satisfies a set of constraints without evaluating the entire polynomial term by term. FRI commitments are based on Reed-Solomon codes and interactive proof protocols; by constructing multiple small Reed-Solomon codes and the associated proofs, the complexity of verifying a polynomial is greatly reduced.

In some other possible implementations, a succinct non-interactive argument of knowledge (SNARK) commitment is used to obtain and verify commitments based on the identity information and location information of the forwarding nodes. A SNARK commitment is a protocol for proving that a computation is correct and that the inputs held by one party satisfy certain conditions. SNARK proofs are non-interactive: the prover does not need to interact with the verifier, but only generates a proof and sends it to the verifier. SNARK proofs are compact, small in size and relatively fast to verify.

In some other possible implementations, a scalable transparent argument of knowledge (STARK) commitment is used to obtain a forwarding proof or a vector commitment based on the identity information and location information of the forwarding nodes, or a STARK commitment is used to verify the forwarding proof against the vector commitment. STARK is a zero-knowledge proof technology. STARK requires no trusted third-party setup, so it is more decentralized and distributed, reduces the impact of a single point of failure on obtaining forwarding proofs or vector commitments, and offers higher security. In addition, STARK is post-quantum secure, so using STARK helps forwarding proofs resist quantum computing attacks and is more reliable for protecting the security of forwarding proofs and identity information. Furthermore, a forwarding proof generated with STARK is relatively small, which means the proof can be transmitted with less storage space, and it also has advantages in verification efficiency: the next-hop forwarding node or the verification node can verify the validity of the forwarding proof in a relatively short time.

In some other possible implementations, Bulletproofs are used to obtain a forwarding proof or a vector commitment based on the identity information and location information of the forwarding nodes, or Bulletproofs are used to verify the forwarding proof against the vector commitment. Bulletproof is a zero-knowledge proof technology: a cryptographic primitive used in zero-knowledge proofs to prove that a value satisfies a certain relation without providing additional proof information. Bulletproof likewise requires no trusted third-party setup, so it is more decentralized and distributed, reduces the impact of a single point of failure on obtaining forwarding proofs or vector commitments, and offers higher security.

In some other possible implementations, an RSA accumulator is used to obtain and verify commitments based on the identity information and location information of the forwarding nodes. An RSA accumulator is a data structure that accumulates the elements of a set into a single accumulator value so that membership of an element in the set can later be verified. Based on the additive homomorphic property of RSA, an RSA accumulator can verify whether a specific element is contained in the accumulator without disclosing the elements of the set.

In some other possible implementations, an FC function commitment is used to obtain and verify commitments based on the identity information and location information of the forwarding nodes. An FC function commitment is a commitment mechanism that binds an input to the result of a function computed on it, so that the result can be verified without exposing the input. FC function commitments can be implemented by combining a zero-knowledge proof system with a commitment mechanism. They can be used to protect the privacy of a computation and to verify the correctness of its result.

In some other possible implementations, a Pedersen commitment is used to obtain and verify commitments based on the identity information and location information of the forwarding nodes. A Pedersen commitment is a commitment mechanism that commits a value or a vector to a hidden value. Pedersen commitments are based on the discrete logarithm problem, so that only the committer who knows the hidden value can demonstrate the correctness of the commitment without revealing the actual value.

In some other possible implementations, a Merkle tree commitment is used to obtain and verify commitments based on the identity information and location information of the forwarding nodes. A Merkle tree commitment is a commitment mechanism that binds the multiple elements of a set into a tree structure. The Merkle tree combines the elements level by level through a hash function and produces a root hash, and that root hash is the commitment to the entire tree. In the verification phase, knowing certain elements of the set and the hash values on the corresponding paths is enough to verify whether those elements belong to the tree.

In some other possible implementations, a Verkle tree commitment is used to obtain and verify commitments based on the identity information and location information of the forwarding nodes. A Verkle tree commitment is a commitment mechanism that binds the multiple elements of a set into a non-binary tree structure. The Verkle tree commits to each path from the root to a leaf through polynomial commitments and aggregates multiple paths. In the verification phase, knowing certain elements of the set and the polynomial commitments on the corresponding paths is enough to verify whether those elements belong to the tree.

In some other possible implementations, the source of the data packet is verified based on an aggregatable signature. For example, the data packet contains a digital signature. This signature can be the signature of the previous-hop node_i-1, or the aggregated signature of all nodes node_1 to node_i-1 in the first half of the path. The characteristic of an aggregated signature is that the aggregate of any number of signatures is the same length as a single signature. Given that a public key infrastructure (PKI) exists, that is, the public identity of each node is known, node_i can verify the correctness of this signature.

In some other possible implementations, the source of the data packet is verified based on a symmetric MAC tag: for example, the data packet includes a MAC tag, and node_i verifies the correctness of the MAC tag.

Technical Effect 4: Fault Tolerance of Non-Key Nodes

Fault tolerance of non-key nodes does not conflict with the order-preserving verification described above, mainly for two reasons.

First, the sequential relationship between the key nodes specified by the controller, such as the order of key node A, key node B and key node C in Figure 1, is still enforced by the means corresponding to forwarding path locking.

Second, fault tolerance of non-key nodes is achieved mainly by determining the vector commitment and the forwarding proof based on the sequence positions of the key nodes in the expected forwarding path.

The fault tolerance mechanism can be implemented in the following two ways.

Fault-tolerance implementation method 1: In the commitment phase, the vector commitment is determined based on the identity information of each key node in the expected forwarding path and the sequence position of each key node in the expected forwarding path, so that the vector commitment binds the correspondence between identity information and sequence position. For example, each key node is represented mathematically by the pair (x_i=i, y_i=r_i), where i is the expected sequence number of the key node in the expected forwarding path and r_i is the identity information of the key node with expected sequence number i in the expected forwarding path. The vector commitment is bound to the pair (x_i=i, y_i=r_i) of each key node in the expected forwarding path.

In the forwarding phase, the forwarding proof is likewise computed based on the identity information r_i of the key node and the sequence position i of the key node in the expected forwarding path. Optionally, the computed forwarding proof is an MP rather than an OP. An MP is a forwarding proof computed for a segment of the path; it is used to verify that all key nodes in the first half of the actual forwarding path are in the correct relative sequence positions, for example that the order of all key nodes in the first half of the actual forwarding path matches the order of all key nodes in the first half of the expected forwarding path.

Fault-tolerance implementation method 2: In the commitment phase, the correspondence between the identity information and the sequence position of a key node is no longer bound; only the identity information of the key node is bound. For example, the vector commitment is determined based on the identity information of each key node in the expected forwarding path, and the sequence position of each key node in the expected forwarding path is not used when determining the vector commitment. Not using the sequence position of the key node is equivalent to converting each forwarding node mathematically into the pair (x_i=r_i, y_i=r_i), where r_i is the identity information of key node i; both x and y in the pair are identity information, and the sequence position i is no longer included. The vector commitment is bound to the pair (x_i=r_i, y_i=r_i) of each key node in the expected forwarding path. When computing the forwarding proof, an OP can be used for a single node and an MP can be used for multiple nodes in a path segment, and any non-key nodes in between are ignored. However, a forwarding proof obtained in this way can only prove that the data packet passed through the key node; it cannot prove that the sequence position of the key node is correct, so some position binding is lost.
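The two binding modes above, as an added example that is not code from the patent: the Merkle tree construction listed among the alternative vector commitments stands in for the KZG commitment so the example runs offline, the tree layers stand in for whatever material the path planner distributes to key nodes, and the identities are constructed placeholders. Method 1 commits to pairs (x_i=i, y_i=r_i) and rejects a correct identity claimed at the wrong position; method 2 commits to (x_i=r_i, y_i=r_i) and the resulting proof says nothing about position.

```python
"""Vector commitment over (x_i, y_i) pairs of an expected forwarding path.

Added example, not from the patent. Merkle tree used as the vector commitment;
method 1 binds (x_i = i, y_i = r_i), method 2 binds (x_i = r_i, y_i = r_i).
"""
import hashlib
from typing import List, Tuple


def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def _leaf(x: bytes, y: bytes) -> bytes:
    # Domain-separate leaves from inner nodes and length-prefix x so that a
    # (x, y) pair cannot be re-split into a different pair with the same hash.
    return _h(b"leaf", len(x).to_bytes(2, "big"), x, y)


def _node(left: bytes, right: bytes) -> bytes:
    return _h(b"node", left, right)


EMPTY_LEAF = _h(b"empty")  # padding leaf, never a valid (x, y) pair


def pos_bytes(i: int) -> bytes:
    # Sequence position i encoded as one byte (positions 1..255).
    return i.to_bytes(1, "big")


def path_tuples(path: List[bytes], bind_position: bool) -> List[Tuple[bytes, bytes]]:
    # Method 1: (x_i = i, y_i = r_i).  Method 2: (x_i = r_i, y_i = r_i).
    return [(pos_bytes(i) if bind_position else r, r) for i, r in enumerate(path, start=1)]


def commit(path: List[bytes], bind_position: bool = True):
    """Path planner side: returns the commitment C and the tree layers.

    The layers stand in for the per-node material the planner distributes
    (an assumption of this example, not the patent's distribution scheme)."""
    level = [_leaf(x, y) for x, y in path_tuples(path, bind_position)]
    while len(level) & (len(level) - 1):  # pad leaf count to a power of two
        level.append(EMPTY_LEAF)
    layers = [level]
    while len(level) > 1:
        level = [_node(level[j], level[j + 1]) for j in range(0, len(level), 2)]
        layers.append(level)
    return layers[-1][0], layers


def single_point_proof(layers, i: int) -> List[Tuple[bytes, bool]]:
    """Key node side: single-point proof (OP) for the node at expected position i."""
    idx = i - 1
    proof = []
    for layer in layers[:-1]:
        proof.append((layer[idx ^ 1], bool(idx & 1)))  # (sibling, current is right child)
        idx >>= 1
    return proof


def verify_single_point(c: bytes, x: bytes, y: bytes, proof) -> bool:
    """Verifier side (downstream key node or observer): recompute the root from the claimed pair."""
    cur = _leaf(x, y)
    for sibling, cur_is_right in proof:
        cur = _node(sibling, cur) if cur_is_right else _node(cur, sibling)
    return cur == c


def verify_position_bound(c: bytes, i: int, r_i: bytes, proof) -> bool:
    # Method 1 check: the verifier supplies both the expected position and the identity.
    return verify_single_point(c, pos_bytes(i), r_i, proof)


def verify_identity_only(c: bytes, r_i: bytes, proof) -> bool:
    # Method 2 check: only the identity enters the check; position cannot be checked.
    return verify_single_point(c, r_i, r_i, proof)


EXPECTED_PATH = [b"id:A", b"id:B", b"id:C", b"id:D"]  # constructed identities r_1..r_4


def demo() -> dict:
    c1, layers1 = commit(EXPECTED_PATH, bind_position=True)
    op_b = single_point_proof(layers1, 2)
    c2, layers2 = commit(EXPECTED_PATH, bind_position=False)
    op_b2 = single_point_proof(layers2, 2)
    return {
        "m1_correct_position": verify_position_bound(c1, 2, b"id:B", op_b),
        "m1_wrong_position": verify_position_bound(c1, 3, b"id:B", op_b),
        "m1_wrong_identity": verify_position_bound(c1, 2, b"id:X", op_b),
        "m2_identity": verify_identity_only(c2, b"id:B", op_b2),
        "m2_wrong_identity": verify_identity_only(c2, b"id:X", op_b2),
    }


if __name__ == "__main__":
    print(demo())
```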

Technical Effect 5: Recordability of Non-Key Nodes

Optionally, building on fault-tolerance implementation method 1, each key node records its own sequence position in the actual forwarding path while forwarding the data packet. From the recorded sequence positions of the key nodes in the actual forwarding path, it can be inferred whether non-key nodes exist in the actual forwarding path and how many, thereby achieving recordability of non-key nodes. In addition, since the sequence positions in the actual forwarding path are recorded by the key nodes, non-key nodes are not required to perform any action beyond forwarding, yet their presence is still recorded indirectly, which gives better compatibility.

In some embodiments, the structure of the data packet is extended by adding a list that records the sequence positions of the key nodes in the actual forwarding path. This list is referred to below as the actual sequence position list (also called the real sequence number list).

The actual sequence position list records the sequence position of each key node in the actual forwarding path. In some embodiments, while forwarding a data packet, key node A obtains its own sequence position in the actual forwarding path and writes it into the actual sequence position list carried by the data packet. Key node A then forwards the data packet, whose list now contains A's actual sequence position, to key node B. Key node B writes its own sequence position in the actual forwarding path into the list after key node A's entry, and forwards the packet, whose list now contains the sequence positions of key node A and key node B, to key node C. In the same way, each time the data packet passes through a key node, the actual sequence position list carried in the packet gains one more entry. When the data packet reaches the last key node and that node appends its own actual sequence position, the list carried in the packet contains the actual sequence position of every key node on the actual forwarding path.

Optionally, the order of the entries in the actual sequence position list matches the order of the key nodes in the actual forwarding path. For example, the first entry records the sequence position of the first key node in the actual forwarding path, the second entry records the sequence position of the second key node, and so on: the i-th entry records the sequence position of the i-th key node in the actual forwarding path.

Optionally, two adjacent entries in the actual sequence position list record the sequence positions of two adjacent key nodes in the expected forwarding path. The difference between the actual sequence positions recorded in two adjacent entries indicates the number of non-key nodes between the corresponding two key nodes.

Optionally, the length of the actual sequence position list is 1 byte times the path length n, that is, n bytes. Here the path length is determined by the number of key nodes on the actual forwarding path; a path length of n means the actual forwarding path passes through n key nodes in total. One byte stores the sequence position of one key node in the actual forwarding path. Since one byte can hold 256 values and the maximum TTL value (the sequence position in the actual forwarding path) is 255, one byte is sufficient to carry the sequence position of any key node in the actual forwarding path.

For example, the expected forwarding path planned by the controller is ABCD, and the sequence positions of key nodes A, B, C and D are 1, 2, 3 and 4 respectively. There is one non-key node between key node A and key node B, two non-key nodes between key node B and key node C, and two non-key nodes between key node C and key node D. In this scenario, key node A writes its sequence position in the actual forwarding path (1) into the first entry of the actual sequence position list carried in the data packet, key node B writes its sequence position in the actual forwarding path (3) into the second entry, key node C writes its sequence position in the actual forwarding path (5) into the third entry, and key node D writes its sequence position in the actual forwarding path (9) into the fourth entry. The actual sequence position list carried in the data packet as finally received by the destination host is shown in the following table.
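The list-building procedure above, as an added example that is not code from the patent. It assumes that every hop decrements the TTL, that a key node derives its sequence position as initial TTL minus current TTL plus one (the description takes the position from the TTL but gives no formula), and that the list is carried as one byte per key node; the nine-hop topology is constructed, with key nodes A, B, C and D separated by one, two and two non-key nodes.

```python
"""Actual sequence position list: key nodes record where they sit on the real path.

Added example, not from the patent. Assumptions: position = initial_TTL - TTL + 1,
one byte per entry, every hop decrements the TTL.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

INITIAL_TTL = 64  # constructed value; any initial TTL up to 255 fits the one-byte entry


@dataclass
class Packet:
    ttl: int
    trusted_path: bool = True  # trusted path identifier present in the header
    positions: bytearray = field(default_factory=bytearray)  # actual sequence position list


def sequence_position(ttl: int, initial_ttl: int = INITIAL_TTL) -> int:
    """Derive this node's sequence position on the actual path from the TTL (assumed formula)."""
    pos = initial_ttl - ttl + 1
    if not 1 <= pos <= 255:
        raise ValueError("sequence position does not fit in one byte")
    return pos


def forward(pkt: Packet, is_key_node: bool) -> Packet:
    """One hop. Only key nodes append to the list; non-key nodes just forward."""
    if pkt.ttl <= 0:
        raise ValueError("TTL exhausted")
    if is_key_node and pkt.trusted_path:
        pkt.positions.append(sequence_position(pkt.ttl))
    pkt.ttl -= 1
    return pkt


def run_path(path: List[Tuple[str, bool]]) -> bytes:
    """Drive a packet along a constructed path of (node name, is_key_node) hops."""
    pkt = Packet(ttl=INITIAL_TTL)
    for _, is_key in path:
        forward(pkt, is_key)
    return bytes(pkt.positions)


def non_key_nodes_between(positions: bytes) -> List[int]:
    """Adjacent entries differ by one plus the number of non-key nodes between them."""
    return [b - a - 1 for a, b in zip(positions, positions[1:])]


def check_list(positions: bytes, expected_key_nodes: int) -> Tuple[bool, str]:
    """Verifier-side sanity check: one entry per expected key node, strictly increasing."""
    if len(positions) != expected_key_nodes:
        return False, "key node missing or list length unexpected"
    if any(b <= a for a, b in zip(positions, positions[1:])):
        return False, "entries not in forwarding order"
    return True, "ok"


# Constructed topology: A n1 B n2 n3 C n4 n5 D   (n* = non-key nodes)
PATH = [("A", True), ("n1", False), ("B", True), ("n2", False), ("n3", False),
        ("C", True), ("n4", False), ("n5", False), ("D", True)]

if __name__ == "__main__":
    lst = run_path(PATH)
    print(list(lst), non_key_nodes_between(lst), check_list(lst, 4))
```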

In other embodiments, a non-key node records its own sequence position in the actual forwarding path while forwarding the data packet, thereby achieving recordability of non-key nodes. For example, the actual forwarding path contains one or more forwarding nodes that do not support forwarding proof computation or verification but do support recording their sequence position in the actual forwarding path. After receiving the data packet, such a forwarding node determines its sequence position in the actual forwarding path from the TTL or another field of the packet, and either adds that position to the actual sequence position list carried by the packet or sends it to the verification node.

By using vector commitments, the embodiments of the present application achieve the key path binding of technical effect 1 and the source correctness of technical effect 2. By using polynomial commitments, the embodiments achieve the computational efficiency and communication (space) efficiency of technical effect 3.

The system architecture of the embodiments of the present application is described below by example.

The embodiments of the present application provide a general trusted path protection technique that protects the data plane forwarding path, so it can be applied in any scenario, at any layer of a computer network, that requires trusted path protection. For example, at the link layer it applies to Ethernet or MPLS; at the network layer to IPv4 or IPv6; at the tunnel layer to SRv6, application-aware networking (APN), virtual extensible LAN (VxLAN) or Internet Protocol security (IPSec); and at the service layer to service function chaining (SFC) and similar protocols. The differences between protocol scenarios lie mainly in which packet header carries the commitment and the forwarding proof and where exactly they are carried. The general steps, functions and roles of the trusted path protocol are described first, followed by specific embodiments for the different protocol scenarios.

Any scenario that requires a trusted path involves the following roles: the path planner, the forwarding nodes and the verification node.

The path planner determines a network forwarding path at any of the network layers listed above. The forwarding path can be represented by a vector P = (r_1, r_2, ..., r_N) formed from the information of N forwarding nodes (also called routing nodes), where r_i is the publicly verifiable identity information of forwarding node i. After determining the forwarding path, the path planner computes the commitment C corresponding to it. The path planner obtains the identity information of all forwarding nodes in the network in advance.

Optionally, the path planner performs remote attestation secret distribution, where the secret is the identity information of a forwarding node in ciphertext form. For example, the path planner sends to each of the N forwarding nodes on the expected forwarding path the ciphertext of that node's identity information, so that the N forwarding nodes on the expected forwarding path can determine the vector commitment from the received identity information ciphertext.

Forwarding nodes are further divided into key nodes and non-key nodes. For the definitions of key node and non-key node, refer to the description above.

When a key node receives a data packet whose header carries a trusted path identifier, it computes a forwarding proof p_i and publishes p_i to the verification node. p_i is, for example, a single-point proof (OP), which proves that the key node r_i at position i forwarded this data packet; p_i can also be a multi-point proof (MP), which proves that the key nodes (r_1, r_2, ..., r_i) at positions 1 to i all forwarded the data packet at the correct positions.

The verification node is also called the observer. The verification node is, for example, any device that cares about the trustworthiness of the forwarding path. It verifies the forwarding proof computed by a forwarding node based on the commitment C generated by the controller, the identity of the forwarding node and the position of the forwarding node. In one possible implementation, the verification node is unbiased, that is, its observations and verification results are the same as the protocol's output in the correct case.

Figure 2 is a schematic diagram of a path verification method provided by an embodiment of the present application. The method shown in Figure 2 is executed interactively by the path planner, the forwarding nodes and the verification node.

The method shown in Figure 2 involves interaction between multiple key nodes during service data transmission. To distinguish different forwarding nodes, the terms "key node A" and "key node B" are used for different key nodes. The method involves the data packet processing performed by the multiple forwarding nodes that the actual forwarding path passes through; since the processing performed by different key nodes is largely the same, for brevity the method is described using the processing performed by two key nodes as an example. Of course, there may be three or more key nodes on the actual forwarding path, and the processing performed by additional key nodes follows that of key node A or key node B.

Key node A and key node B are both nodes on the expected forwarding path. In other words, when planning the forwarding path, the path planner specified in advance that the service data must be forwarded through key node A and then key node B, in that order.

The method shown in Fig. 2 involves the processing of data packets by forwarding nodes. To tell them apart, "first data packet" denotes the packet that serves as input and "second data packet" denotes the packet produced as output. Both carry the service data. The second data packet may have several destinations: in some embodiments it is sent to the next forwarding node; in other embodiments it is delivered to an application program or the operating system of the same device for local processing.

The method shown in Fig. 2 also covers the application scenario of tolerating non-key nodes. For example, in the actual forwarding path of the first data packet, at least one non-key node lies between two key nodes. In that case the relative order of the two key nodes in the expected forwarding path is the same as their relative order in the actual forwarding path, while their sequential positions (indices) in the expected forwarding path differ from their sequential positions in the actual forwarding path.

The method shown in Fig. 2 includes the following steps.

S210: The path planner determines an expected forwarding path.

The expected forwarding path includes at least two key nodes. For example, the path planner determines an expected forwarding path P = (r_1, r_2, ..., r_N), a vector composed of the identity information of each of the N key nodes together with each node's sequential position, where r_i is the publicly verifiable identity information of key node i, such as a certificate issued by a CA or an access token issued by an access control server. S210 is also called the path selection step.

S220: The path planner determines a first vector commitment.

The first vector commitment indicates the correspondence between the sequential positions of the at least two key nodes in the expected forwarding path and the identities of those key nodes. For example, the path planner computes the first vector commitment from the identity information and the sequential position of each key node in the expected forwarding path.

In some embodiments, the input used by the path planner to determine the vector commitment is an expected forwarding path of length N, such as the vector P = (r_1, r_2, ..., r_N). Using the commitment function of a vector commitment scheme, the path planner computes, from the identity information and the sequential position of each of the N key nodes, a vector commitment C = commit(P) bound to the expected forwarding path P. The path planner outputs a commitment C of length k, where k depends on the security parameter lambda.

In one possible implementation, the verification algorithm of the vector commitment takes the commitment C, a position i, an identity r_i, the forwarding proof and the related auxiliary data; if it outputs 1, the forwarding proof passes verification, and if it outputs 0, the forwarding proof fails verification. The auxiliary data are, for example, the cryptographic parameters on which the commitment was computed. S220 is also called the path commitment or path initialization step.

In one possible implementation, before data packets are forwarded, the controller distributes the identity information and auxiliary data needed to compute forwarding proofs to each key node in the expected forwarding path, that is, the data are pre-distributed. The auxiliary data are, for example, the cryptographic parameters on which the vector commitment was computed.

Optionally, the path planner also sends the first vector commitment to the verification node before data packets are forwarded, so that the first vector commitment reaches the verification node by control-plane pre-distribution. Alternatively, the path planner sends the first vector commitment to the first key node in the expected forwarding path, which adds it to the data packet so that the first vector commitment travels to the verification node together with the service data.

S230: Key node A obtains data packet A.

Data packet A carries service data. Optionally, data packet A also carries the vector commitment, so that the verification node can verify the forwarding proof using the vector commitment carried in the packet.

Optionally, data packet A also carries a trusted path identifier, which triggers the computation and/or the verification of the forwarding proof.

Data packet A may originate in several ways. In some embodiments, all or part of its content is received from a source host. For example, key node A is the ingress PE that communicates with the source host; the source host generates the service data and sends it to key node A, and key node A builds data packet A from that service data and the vector commitment, where data packet A consists of a header carrying the vector commitment and a payload field carrying the service data. In other embodiments, all or part of data packet A is generated by key node A itself; for example, key node A is itself the source host and generates data packet A through an application program or the operating system of the device.

The conditions that trigger key node A to subsequently determine a forwarding proof are illustrated below.

In one possible implementation, if key node A determines that the header of data packet A carries a trusted path identifier, it performs the subsequent steps that obtain a forwarding proof from identity information and sequential position. If key node A determines that the header of data packet A does not carry a trusted path identifier, it skips those steps and forwards data packet A to the next forwarding node. The trusted path identifier indicates that data packet A is to be forwarded over a trusted path.

Including a trusted path identifier in the packet header lets a forwarding node decide, from the presence or absence of the identifier, whether a forwarding proof needs to be computed. For example, if key node A determines that the data packet does not carry a trusted path identifier, key node A uses the existing forwarding mechanism and does not compute a forwarding proof.

In another possible implementation, after obtaining the data packet, key node A identifies the service type carried in it; in response to identifying data of a specific service type, it performs the step of obtaining a forwarding proof, so that forwarding proofs are produced for that specific service. For example, in response to identifying that the data packet contains a network service header (NSH) of the service function chaining protocol, key node A determines that the packet carries service function chain data and performs the step of obtaining a forwarding proof. As another example, key node A performs application identification on the payload of the data packet to obtain the application type of the payload, and performs the step of obtaining a forwarding proof in response to that application type being a target application.

In another possible implementation, after obtaining the data packet, key node A performs the step of obtaining a forwarding proof in response to identifying that the packet contains the identifier of each node of a specific tunnel, so that it can later be verified whether the packet was forwarded through that tunnel. For example, in an SRv6 scenario, key node A performs the step in response to identifying that the packet carries a segment list; in an MPLS scenario, key node A performs the step in response to identifying that the packet carries a label stack.

S240: Key node A obtains the sequential position of the verified node in the expected forwarding path and the identity information of the verified node.

The verified node is the forwarding device that is the object of verification. It may be, without limitation, the current node, a neighbor of the current node, or each node from the first forwarding node up to the current node. The sequential position of the verified node in the expected forwarding path differs from the sequential position of key node A in the actual forwarding path of data packet A (see the non-key-node scenario above). When the verified node is key node A, its identity information indicates the identity of key node A.

In some embodiments, the verified node is the current node. For example, when the data packet reaches key node A, the verified node is key node A. Key node A obtains its own sequential position in the expected forwarding path and its own identity information, and obtains the first forwarding proof from them. Verifying the current node helps to confirm whether this node is an expected forwarding node and whether it sits at the expected sequential position. In particular, when key node A is the first forwarding node or the source host, this helps to verify that the data packet comes from the correct source.

In some embodiments, the verified node includes a neighbor of the current node.

For example, the verified node is the node after the current node: when the data packet reaches key node A, the verified node is key node B. Key node A obtains the sequential position of key node B in the expected forwarding path and the identity information of key node B, and obtains forwarding proof A from them. Verifying the next node helps to confirm whether the next node is an expected forwarding node and whether it sits at the expected sequential position, reducing the risk of the data packet being sent to an unexpected forwarding node.

As another example, the verified node is the node before the current node: when the data packet reaches key node B, the verified node is key node A. Key node B obtains the sequential position of key node A in the expected forwarding path and the identity information of key node A, and obtains forwarding proof A from them. Verifying the previous node helps to confirm whether the previous node is an expected forwarding node and whether it sits at the expected sequential position, reducing the risk that the data packet was received from an unexpected forwarding node.

As another example, the verified nodes include the current node and its previous node: when the data packet reaches key node A, the verified nodes are key node A and the node before key node A (for example, the source host). Key node A obtains forwarding proof A from its own sequential position in the expected forwarding path, its own identity information, and the sequential position and identity information of its previous node. Forwarding proof A then allows verification of whether both key node A and its previous node forwarded the data packet at their expected sequential positions. In this case, key node A corresponds to the first forwarding node and its previous node corresponds to the second forwarding node.

In some embodiments, the verified nodes include every node from the first forwarding node up to the current node. For example, when the data packet reaches key node B, the verified nodes are key node A and key node B. Key node B obtains the sequential positions of key node A and key node B in the expected forwarding path together with their identity information, and obtains forwarding proof A from them. Verifying every node on the path traversed so far helps to detect whether the data packet passed through an unexpected forwarding node.

There are many ways to obtain the sequential position of the verified node in the expected forwarding path; two are described below as examples.

Method 1 for obtaining the sequential position of the verified node in the expected forwarding path: obtaining it from the data packet that carries the service data.

In some embodiments, a predetermined field of data packet A carries the sequential position of the verified node in the expected forwarding path. For example, the header of data packet A carries it in a type-length-value (TLV) field or in a reserved field.

In some embodiments, key node A derives the sequential position of the verified node by further processing the content of a predetermined field of data packet A. For example, the header of data packet A carries path information that includes the identifier of each key node in the expected forwarding path, arranged in the same order as the key nodes in the expected forwarding path. Key node A determines the sequential position of the verified node in the expected forwarding path from the position of the verified node's identifier within the path information.

For example, in some SRv6 embodiments, data packet A includes a segment routing header (SRH) whose segment list contains the SID of key node A, and key node A derives the sequential position of the verified node in the expected forwarding path from the position of that SID in the segment list: if the SID of key node A is the i-th entry of the segment list, the sequential position of the verified node in the expected forwarding path is i. As an example, key node A determines the sequential position from the offset of the SID of node_i relative to segment list[N]. Optionally, key node A also derives the relative position of an upstream node on the forwarding path from the offset of that upstream node's SID relative to segment list[N].

In some SFC embodiments, data packet A includes a path identifier, which key node A reads from the packet. Key node A obtains the sequential position of the verified node in the expected forwarding path from the path identifier and a correspondence stored on key node A that maps the path identifier to the sequential position of the verified node in the expected forwarding path. For example, key node A looks up the correspondence by the path identifier and obtains the sequential position of this node for that path. The path identifier identifies the expected forwarding path. The correspondence is obtained, for example, by control-plane pre-distribution.

Because the sequential position in the expected forwarding path is obtained from the data packet, it can be obtained relatively quickly, saving the processing and computation overhead that a forwarding device would spend on a table lookup, as well as the storage space such a lookup table would occupy on the forwarding device.

Method 2 for obtaining the sequential position in the expected forwarding path: obtaining it by control-plane pre-distribution.

Control-plane pre-distribution relies on interaction between the path planner and the forwarding node. For example, while determining the expected forwarding path, the path planner determines the sequential position of the verified node in it and sends that position to key node A, which receives it from the path planner.

In some embodiments, the sequential position of the verified node in the expected forwarding path is sent using a management plane protocol. For example, the path planner sends key node A a management plane protocol message such as a network configuration protocol (NETCONF) message, a representational state transfer configuration (RESTCONF) message or a simple network management protocol (SNMP) message that carries the sequential position, and key node A obtains the position of this node from that message. As another example, the path planner sends key node A a control plane protocol message such as a border gateway protocol (BGP) message, a path computation element protocol (PCEP) message or a border gateway protocol flow specification (BGP flow spec, BGP FS) message that carries the sequential position, and key node A obtains the position of this node from that message. As a further example, the path planner sends key node A an application layer protocol message such as an APN message or a hypertext transfer protocol (HTTP) message that carries the sequential position of the verified node in the expected forwarding path.

In other embodiments, the controller sends each key node on the expected forwarding path the sequential position of every key node upstream of it on that path. For example, the controller sends key node i the sequential position of each key node from the first key node through key node i in the expected forwarding path.

In other embodiments, a network administrator pre-configures each key node on the expected forwarding path with that node's sequential position on the path. Optionally, when multi-point forwarding proofs are computed in MP mode, the administrator also configures each key node with the sequential position of every key node upstream of it. For example, the configuration stored on key node i includes the relative position of each key node from key node 1 through key node i in the forwarding path, and key node i reads those positions from its configuration.

There are many ways to obtain the identity information of the verified node; two are described below as examples.

Method 1 for obtaining the identity information of the verified node: obtaining it from the data packet that carries the service data.

In some embodiments, a predetermined field of data packet A carries the identity information of the verified node, for example a TLV field or a reserved field of the packet header.

As an example, the verified node is key node A, the destination address field of the IP header of data packet A contains the IP address of key node A, and key node A reads its own IP address from that field.

For example, when a single-point forwarding proof is computed in OP mode, data packet A carries the identity information of key node A, which key node A reads in order to compute the OP. When a multi-point forwarding proof is computed in MP mode, data packet A also carries the identity information of the second forwarding node, which key node A also reads in order to compute the MP.

For example, in some SRv6 embodiments, data packet A includes an SRH whose segment list contains the SID of each node in the expected forwarding path, and key node A reads the SID of the verified node from the segment list to obtain its identity information.
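The two SRv6 passages above (position from the offset of a SID in the segment list, identity from the SID itself) and the "carries a segment list" trigger condition, as an added example that is not part of the patent. It assumes the RFC 8754 SRH layout, in which the expected path is written into the SRH in reverse so that Segment List[Last Entry] is the first key node and the 1-based position of a SID is its offset from that entry; the SIDs and the packet bytes are constructed for illustration.

```python
"""Deriving a key node's sequential position and identity from an SRv6 SRH.
Layout assumed (RFC 8754): NextHdr, HdrExtLen, RoutingType=4, SegmentsLeft,
LastEntry, Flags, Tag, then Segment List[0..LastEntry] of 16-byte SIDs, with
Segment List[0] being the LAST segment of the path."""
import ipaddress
import struct

SRH_FIXED = struct.Struct("!BBBBBBH")   # the 8-byte fixed part of the SRH


def build_srh(path_sids, segments_left, next_header=59, tag=0):
    """Build an SRH for an expected path given in forwarding order (first hop first)."""
    segs = [ipaddress.IPv6Address(s).packed for s in reversed(path_sids)]
    hdr = SRH_FIXED.pack(next_header, 2 * len(segs), 4, segments_left, len(segs) - 1, 0, tag)
    return hdr + b"".join(segs)


def parse_srh(buf):
    """Parse the fixed part and the segment list, rejecting anything malformed.
    A packet without a well-formed SRH is not on a trusted path, so the caller
    falls back to ordinary forwarding and computes no proof."""
    if len(buf) < SRH_FIXED.size:
        raise ValueError("too short for an SRH")
    _nh, ext_len, rtype, seg_left, last_entry, _flags, tag = SRH_FIXED.unpack_from(buf)
    if rtype != 4:
        raise ValueError("routing type %d is not SRH" % rtype)
    n = last_entry + 1
    if 16 * n > 8 * ext_len or len(buf) < 8 + 16 * n:
        raise ValueError("segment list truncated")
    if seg_left > last_entry:
        raise ValueError("Segments Left beyond Last Entry")
    segs = [ipaddress.IPv6Address(buf[8 + 16 * k: 24 + 16 * k]) for k in range(n)]
    return {"segments_left": seg_left, "last_entry": last_entry,
            "segment_list": segs, "tag": tag}


def on_trusted_path(buf):
    """Trigger check of step S230: True only if the packet carries a segment list."""
    try:
        parse_srh(buf)
        return True
    except ValueError:
        return False


def expected_position(srh, sid):
    """1-based sequential position of sid in the expected path, i.e. its offset from
    Segment List[Last Entry]; None if sid is not a key node of this path."""
    sid = ipaddress.IPv6Address(sid)
    for k, s in enumerate(srh["segment_list"]):
        if s == sid:
            return srh["last_entry"] - k + 1
    return None


def current_node(srh):
    """(position, identity) of the node now processing the packet: on arrival at an
    SR endpoint its SID is Segment List[Segments Left]."""
    sid = srh["segment_list"][srh["segments_left"]]
    return expected_position(srh, sid), sid


def path_so_far(srh):
    """(position, identity) of every key node from the first one through the current
    one, in expected order; this is the input of a multi-point (MP) proof."""
    first, cur = srh["last_entry"], srh["segments_left"]
    return [(srh["last_entry"] - k + 1, srh["segment_list"][k])
            for k in range(first, cur - 1, -1)]


if __name__ == "__main__":
    PATH = ["2001:db8::a", "2001:db8::b", "2001:db8::c"]   # constructed SIDs
    pkt = build_srh(PATH, segments_left=1)                   # arriving at node b
    srh = parse_srh(pkt)
    print("current node:", current_node(srh))
    print("path so far:", path_so_far(srh))
```

The upstream-node case from the SRv6 passage is `path_so_far`: every entry after Segments Left in the segment list is a key node the packet should already have traversed, and its position is the same offset computation applied to that entry.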

Method 2 for obtaining the identity information of the verified node: obtaining it by control-plane pre-distribution.

For example, while determining the expected forwarding path, the path planner determines the identity information of the verified node and sends it to key node A, which receives it from the path planner.

S250: Key node A obtains node-level forwarding proof A from the sequential position of the verified node in the expected forwarding path and the identity information of the verified node.

Forwarding proof A proves that the verified node occupies its sequential position in the expected forwarding path.

For example, when the verified node is the current node (key node A), key node A obtains device-level forwarding proof A from its own sequential position in the expected forwarding path and its own identity information, so that forwarding proof A can be used to verify whether key node A is at the expected position and is the expected node.

For example, when the verified node is the next node (key node B), key node A obtains forwarding proof A from the sequential position of key node B in the expected forwarding path and the identity information of key node B, so that forwarding proof A can be used to verify whether the data packet is about to be sent to a node whose position and identity are both as expected.

S260, key node A sends forwarding proof A to the verification node and sends data packet B to key node B.

By sending forwarding proof A to the verification node, key node A enables the verification node to verify key node A's sequential position and identity based on forwarding proof A. Data packet B carries the service data from data packet A. By sending data packet B to key node B, the service data travels from this node to the next key node that the path planner expects it to pass through.

When key node B also serves as the verification node, or a key node downstream of key node B (for example the tail node at the end of the path) also serves as the verification node, the forwarding proof and the service data can be carried in the same data packet. For example, the verification node is key node B, which is the key node downstream of key node A in the expected forwarding path; key node A obtains data packet B based on the service data carried in data packet A and the forwarding proof of the verified node (for example key node A's forwarding proof A). The payload field of data packet B carries the service data from data packet A, and the header of data packet B carries the forwarding proof of the verified node. Key node A sends data packet B to key node B. In this case, key node A corresponds to the first forwarding node, key node B to the third forwarding node, data packet A to the first data packet, and data packet B to the second data packet.

When the verification node is deployed outside the forwarding path, key node A constructs a separate packet to carry the forwarding proof of the verified node. For example, key node A generates a first packet, which is a control-plane packet, a management-plane packet, or a data packet, and the first packet carries the forwarding proof of the verified node. Key node A sends the first packet to the verification node.

S320, key node B receives data packet B from key node A.

Key node B is a key node in the forwarding path for which key node A lies upstream. Key node B is an intermediate node or the tail node.

S340, key node B obtains the sequential position of the verified node in the expected forwarding path and the identity information of the verified node.

S350, key node B obtains device-level forwarding proof B based on the sequential position of the verified node in the expected forwarding path and the identity information of the verified node.

For example, if the verified node is the current node (key node B), key node B obtains device-level forwarding proof B based on key node B's sequential position in the expected forwarding path and key node B's identity information, so that forwarding proof B can be used to verify whether key node B forwards the data packet at the expected sequential position.

For example, if the verified node is the node preceding the current node (key node A), key node B obtains forwarding proof B based on key node A's sequential position in the expected forwarding path and key node A's identity information, so that forwarding proof B can be used to verify whether the data packet came from a node that is in the expected order and has the correct identity.

For example, if the verified nodes include the current node (key node B) and the node preceding it (key node A), key node B obtains forwarding proof B based on key node A's sequential position in the expected forwarding path, key node A's identity information, key node B's sequential position in the expected forwarding path, and key node B's identity information, so that forwarding proof B can be used to verify whether key node A forwarded the data packet at the expected sequential position and whether key node B forwards the data packet at the expected sequential position. In this case, key node B corresponds to the first forwarding node and key node A to the second forwarding node.

For example, if the verified node is the node following the current node (key node C), key node B obtains forwarding proof B based on key node C's sequential position in the expected forwarding path and key node C's identity information, so that forwarding proof B can be used to verify whether the data packet is about to be sent to a node whose order and identity both match expectations.

For example, if the verified nodes include the current node (key node B) and the node following it (key node C), key node B obtains forwarding proof B based on key node B's sequential position in the expected forwarding path, key node B's identity information, key node C's sequential position in the expected forwarding path, and key node C's identity information, so that forwarding proof B can be used to verify whether key node B forwards the data packet at the expected sequential position and whether the data packet is about to be sent to a node whose order and identity both match expectations.

For example, if the verified nodes are all the nodes passed through in the first half of the path, key node B obtains forwarding proof B based on key node A's sequential position in the expected forwarding path, key node A's identity information, key node B's sequential position in the expected forwarding path, and key node B's identity information.

S360, key node B sends key node B's forwarding proof B to the verification node and sends data packet C to key node C.

In some implementations, key node B verifies the correctness of the source of data packet B. If the source verification of data packet B passes, key node B goes on to determine the subsequent forwarding proof; if it fails, key node B does not need to determine the subsequent forwarding proof and can discard the data packet directly.

In some implementations in which key node B verifies the source of data packet B, key node B verifies whether data packet B came from key node A, the key node preceding key node B in the expected forwarding path. For example, key node B verifies the correctness of key node A's single-point forwarding proof OP_i-1 carried in data packet B based on key node A's identity information, key node A's expected sequential position, and the node-level vector commitment, thereby verifying whether the previous hop of data packet B is correct. As another example, key node B verifies the correctness of key node A's multi-point forwarding proof MP_i-1 carried in data packet B based on key node A's identity information, key node A's expected sequential position, key node B's identity information, key node B's expected sequential position, and the node-level vector commitment, thereby verifying whether the forwarding path segment that data packet B has already traversed is correct. The source-verification step can also use other aggregatable proof mechanisms, such as a cryptographic accumulator, an aggregatable signature, or a MAC tag.

In some implementations, a key node also serves as the verification node. For example, the verification node is key node C, the key node downstream of key node B in the expected forwarding path; key node B obtains data packet C based on the received data packet B and key node B's forwarding proof B, and sends data packet C to key node C, where data packet C includes the payload of data packet B and key node B's forwarding proof B. In this case, key node B corresponds to the first forwarding node, key node C corresponds to the third forwarding node and to the verification node, data packet B corresponds to the first data packet, and data packet C to the second data packet.

S270, the verification node obtains the forwarding proof, the device-level vector commitment, the identity information of the verified node, and the sequential position of the verified node in the expected forwarding path. The at least two key nodes include the verified node; the identity information of the verified node indicates the identity of the verified node, and the forwarding proof of the verified node is used to prove that the verified node occupies the verified node's sequential position in the expected forwarding path.

In one possible implementation, in S250 and S260 a forwarding proof concerning a single verified node is obtained with a single-point opening function, and in S270 that forwarding proof is verified with a single-point verification function, so that the proof of a single node is verified. In another possible implementation, in S250 and S260 a forwarding proof concerning multiple verified nodes is obtained with a multi-point opening function, and in S270 that forwarding proof is verified with a batch verification function, so that multiple nodes of the path are verified at once.

Of course, the three functions commit, open, and verify are only examples of functions that can be used to obtain and verify forwarding proofs. In another possible implementation, other function types of a vector commitment scheme are used to obtain and verify forwarding proofs. For example, in S250 and S260 a witness creation function (create witness, equivalent in role to the open function) is used to obtain the forwarding proof, and in S270 an evaluation verification function (verify eval, equivalent in role to the verification function) is used to verify the forwarding proof; as another example, in S250 and S260 a batch witness creation function (create witness batch, equivalent in role to the batch open function) is used to obtain the multi-point forwarding proof, and in S270 a batch evaluation verification function (verify eval batch, equivalent in role to the batch verification function) is used to verify the multi-point forwarding proof.

S280, the verification node verifies forwarding proof A and/or forwarding proof B based on the device-level vector commitment, the identity information of the verified node, and the sequential position of the verified node in the expected forwarding path.

In some implementations, the verification node runs the verification function of the vector commitment scheme on the device-level vector commitment, the identity information of the verified node, the sequential position of the verified node in the expected forwarding path, and the forwarding proof of the verified node.

For example, if the device-level vector commitment, the identity information of the verified node, the sequential position of the verified node in the expected forwarding path, and the forwarding proof of the verified node all match one another, the verification function outputs 1, and the verification node determines that the forwarding proof of the verified node passes verification. This indicates that the verified node really is a key node expected by the path planner (the expected forwarding path passes through the verified node) and that the verified node's sequential position in the actual forwarding path satisfies the requirements of the expected forwarding path.

Conversely, if the device-level vector commitment, the identity information of the verified node, the sequential position of the verified node in the expected forwarding path, and the forwarding proof of the verified node do not match, the verification function outputs 0, and the forwarding proof of the verified node fails verification. This indicates that the verified node is not a key node expected by the path planner (the expected forwarding path does not pass through the verified node) or that the verified node's sequential position in the actual forwarding path does not satisfy the requirements of the expected forwarding path.

For example, the verification node verifies forwarding proof A from key node A based on the device-level vector commitment, key node A's identity information, and key node A's sequential position in the expected forwarding path, in order to judge whether key node A's identity and sequential position meet expectations.

As another example, the verification node verifies the forwarding proof from key node B based on the device-level vector commitment, key node B's identity information, and key node B's sequential position in the expected forwarding path, in order to judge whether key node B's identity and sequential position meet expectations. As yet another example, the verification node verifies the forwarding proof from key node B based on the device-level vector commitment, key node A's identity information, key node A's sequential position in the expected forwarding path, key node B's identity information, and key node B's sequential position in the expected forwarding path, in order to judge whether the identity and sequential position of key node A and of key node B both meet expectations.

Using a vector commitment to verify forwarding proofs brings at least the following benefits.

First, it helps verify that data is forwarded in the order specified by the forwarding path.

Specifically, a vector commitment is position-binding: it reflects the binding between a value and the position of that value in the vector. Because the vector commitment is computed from the key nodes' identity information together with their expected sequential positions, it depends on both, and it captures the correspondence between each key node's expected sequential position on the forwarding path and its identity information. When a forwarding proof is verified against the vector commitment, therefore, the identity information, the expected sequential position, and the forwarding proof must all correspond to one another for verification to pass; a forwarding proof obtained when the identity information does not correspond to the expected sequential position fails verification. In other words, only key node i at expected sequential position i can compute the correct forwarding proof p_i, and nobody else can forge it.

Second, it helps hide the path. Since the vector commitment itself is in ciphertext form, the identity information and expected sequential positions of the key nodes it contains cannot be read directly from it, and it is also hard to decrypt or invert the vector commitment to recover them. The identity information and expected sequential positions of the key nodes on the forwarding path are thus hidden, which improves their privacy and confidentiality.

Third, it reduces the time needed to obtain and to verify the commitment and improves the efficiency of both. With single-point commitments, the position and identity of every node must be committed to one by one, so for a forwarding path of n nodes, obtaining and verifying the commitment takes n times as long. A vector commitment allows a forwarding path of at least two nodes (equivalent to one vector) to be committed to at once, so for a forwarding path of n nodes obtaining and verifying the commitment may take only log n or constant time. This reduces the risk of the committed data growing superlinearly with the number of nodes in the forwarding path, completes the obtaining and verification of the commitment faster, greatly improves efficiency, and suits forwarding paths with a large number of nodes. In addition, single-point commitments cannot bind a key node's identity information to its expected sequential position; position binding then has to be achieved by other means, such as a list recording the expected sequential positions. A vector commitment is position-binding by construction and can bind multiple pieces of identity information directly to their corresponding expected sequential positions, which simplifies verification.

The method provided in this embodiment obtains the forwarding proof from both the position of the forwarding node on the forwarding path and the identity of the forwarding node, thereby making the forwarding proof position-binding. That is, the forwarding proof depends not only on the identity of the forwarding node but also on its position on the forwarding path, so the correct forwarding proof can only be computed by the correct node when the data packet has been forwarded to the correct position on the forwarding path, and the forwarding proof is strongly bound to how the data packet was actually forwarded. For example, if a node on the path is skipped during forwarding, or the packet passes through an extra, unspecified node, the node's identity and the node's position no longer correspond, so a forwarding proof obtained from them cannot pass verification. This improves the trustworthiness of the forwarding proof.

Furthermore, because the key nodes in the expected forwarding path compute the forwarding proof from their sequential positions in the expected forwarding path, and the forwarding proof is verified using the vector commitment and the key nodes' sequential positions in the expected forwarding path, the sequential positions on which the vector commitment is computed are consistent with those on which the forwarding proof is computed. This tolerates non-key nodes on the path and thus reduces the risk that a forwarding proof failing verification against the vector commitment interrupts service data transmission or raises an alarm.
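The S250 to S280 flow, the position-binding property, and the tolerance of non-key nodes described above, as an added Python example that is not part of the patent: a salted Merkle tree stands in for the vector commitment (the patent does not fix a particular scheme), and the key-node identities R1, R4, R7 and R9, the salt, and the helper names are all constructed for this example.

```python
import hashlib


def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def _leaf(position: int, identity: bytes, salt: bytes) -> bytes:
    # The leaf binds the expected sequence position to the key-node identity (position
    # binding); the salt (assumed pre-distributed by the control plane) keeps the published
    # root from revealing identities by guessing.
    return _h(b"\x00", position.to_bytes(4, "big"), identity, salt)


def commit(identities: list, salt: bytes):
    """Path-planner side: Merkle tree used as the vector commitment. Returns (root, levels);
    the root is the published device-level commitment, `levels` is the opening state."""
    width = 1 << max(0, len(identities) - 1).bit_length()
    level = [_leaf(i, identities[i], salt) if i < len(identities)
             else _h(b"\x02", i.to_bytes(4, "big")) for i in range(width)]  # padding leaves
    levels = [level]
    while len(level) > 1:
        level = [_h(b"\x01", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels[-1][0], levels


def open_single(levels: list, position: int) -> list:
    """Single-point opening (S250/S350): sibling hashes for one expected position."""
    proof = []
    for level in levels[:-1]:
        proof.append(level[position ^ 1])
        position >>= 1
    return proof


def verify_single(root: bytes, position: int, identity: bytes, salt: bytes, proof: list) -> int:
    """Single-point verification (S280): 1 when commitment, identity, position and proof
    all match, otherwise 0 (the verification-function convention used in the text)."""
    node = _leaf(position, identity, salt)
    for sibling in proof:
        node = _h(b"\x01", sibling, node) if position & 1 else _h(b"\x01", node, sibling)
        position >>= 1
    return 1 if node == root else 0


def open_multi(levels: list, positions) -> list:
    """Multi-point opening: one proof for several positions; siblings the verifier can
    recompute from the opened leaves are omitted."""
    proof, idx = [], sorted(set(positions))
    for level in levels[:-1]:
        wanted = set(idx)
        proof.extend(level[i ^ 1] for i in idx if (i ^ 1) not in wanted)
        idx = sorted({i >> 1 for i in idx})
    return proof


def verify_multi(root: bytes, n_key_nodes: int, openings: dict, salt: bytes, proof: list) -> int:
    """Batch verification of several (expected position -> identity) openings at once."""
    nodes = {i: _leaf(i, ident, salt) for i, ident in openings.items()}
    queue, width = list(proof), 1 << max(0, n_key_nodes - 1).bit_length()
    while width > 1:
        parents = {}
        for i in sorted(nodes):
            if i >> 1 in parents:          # sibling pair already combined
                continue
            if (i ^ 1) in nodes:
                sibling = nodes[i ^ 1]
            elif queue:
                sibling = queue.pop(0)
            else:
                return 0                   # proof too short
            left, right = (nodes[i], sibling) if i % 2 == 0 else (sibling, nodes[i])
            parents[i >> 1] = _h(b"\x01", left, right)
        nodes, width = parents, width >> 1
    return 1 if not queue and nodes.get(0) == root else 0


EXPECTED_KEY_NODES = [b"R1", b"R4", b"R7", b"R9"]  # constructed key nodes of the expected path
SALT = b"constructed-per-path-salt"                 # assumption: pre-distributed by control plane


def forward(root: bytes, levels: list, actual_hops: list,
            expected: list = EXPECTED_KEY_NODES, salt: bytes = SALT):
    """In-band simulation (transmission mode 1): every key node the packet passes opens its
    own expected position and appends (identity, expected position, actual position, proof)
    to the packet header; the tail node, acting as verifier, checks each carried proof.
    Returns ({actual position: result}, expected positions that nobody attested)."""
    header = []
    for actual_pos, node in enumerate(actual_hops, start=1):
        if node in expected:              # non-key hops forward the packet unchanged
            exp_pos = expected.index(node)
            header.append((node, exp_pos, actual_pos, open_single(levels, exp_pos)))
    results = {actual_pos: verify_single(root, exp_pos, node, salt, proof)
               for node, exp_pos, actual_pos, proof in header}
    missing = sorted(set(range(len(expected))) - {exp_pos for _, exp_pos, _, _ in header})
    return results, missing
```

With non-key hops R2, R3 and R5 interleaved, the key nodes report actual positions 1, 4, 6 and 7 while every proof still verifies, because proofs are opened at expected positions; a proof replayed at a different position, or a skipped key node, shows up as a 0 result or a missing expected position.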

In some implementations, a key node sends the verification node not only its own forwarding proof but also its own sequential position in the actual forwarding path, so that non-key nodes can be recorded.

For example, key node A determines from data packet A that the first forwarding node's sequential position in the actual forwarding path is 1 and sends sequential position 1 to the verification node; key node B determines from data packet B that key node B's sequential position in the actual forwarding path is 4 and sends sequential position 4 to the verification node; key node C determines from data packet C that key node C's sequential position in the actual forwarding path is 6 and sends sequential position 6 to the verification node.

As for how the actual sequential positions of the key nodes are transmitted to the verification node, this embodiment describes two methods by way of example.

Transmission method 1 for the actual sequential position: the key node's actual sequential position is transmitted together with the service data

Transmission method 1 is an in-band method. For example, while forwarding a data packet, a key node adds its own sequential position in the actual forwarding path to the data packet and forwards the data packet containing both the service data and its own actual sequential position, so that its actual sequential position travels with the service data to the key node's next forwarding node. For example, the data packet includes a header and a payload field encapsulated inside the header; the header carries the key node's actual sequential position and the payload field carries the service data.

In some implementations, the actual sequential position and the forwarding proof are transmitted to the verification node together with the service data. For example, the verification node is key node B, located downstream of key node A in the expected forwarding path. Key node A obtains data packet B based on data packet A, key node A's forwarding proof, and key node A's sequential position in the actual forwarding path; data packet B includes the payload of data packet A, key node A's forwarding proof, and key node A's sequential position in the actual forwarding path. Key node A sends data packet B to key node B. In this case, key node A corresponds to the first forwarding node, key node B to the third forwarding node, data packet A to the first data packet, and data packet B to the second data packet.

As another example, the verification node is key node C, located downstream of key node B in the expected forwarding path. Key node B obtains data packet C based on data packet B, key node B's forwarding proof, and key node B's sequential position in the actual forwarding path; data packet C includes the payload of data packet B, key node B's forwarding proof, key node A's sequential position in the actual forwarding path, and key node B's sequential position in the actual forwarding path. Key node B sends data packet C to forwarding node C. In this case, key node B corresponds to the first forwarding node, key node C to the third forwarding node, data packet B to the first data packet, and data packet C to the second data packet.

Because the actual sequential position and the forwarding proof are carried in the same data packet sent to the key node downstream on the forwarding path, in the mode where a key node also serves as the verification node (observer) there is no need to construct separate data packets to transmit the actual sequential position and the forwarding proof. The overall transmission overhead for the actual sequential position and the forwarding proof is therefore small, and the verification node obtains both the key node's actual sequential position and its forwarding proof by parsing a single data packet, so it obtains them more efficiently as well.

In some implementations, data packet A includes a first position list, which contains the sequential positions in the actual forwarding path of the key nodes located upstream of the first forwarding node in the expected forwarding path, and data packet B includes a second position list, which consists of the first position list plus the first forwarding node's sequential position in the actual forwarding path.

The following examples describe where in the packet the key nodes' actual sequential positions, the forwarding proof, and the vector commitment are carried.

When data is transmitted over the IPv6 protocol, in one possible implementation the key nodes' actual sequential positions, the forwarding proof, and the vector commitment are carried in an IPv6 extension header. For example, they are carried in the segment routing header (SRH); as another example, in the hop-by-hop options header (HBH); as yet another example, in the destination options header (DOH). SRH, HBH, and DOH are three specific examples of IPv6 extension headers that can carry the forwarding proof.

Optionally, the forwarding proof is carried in a TLV of the IPv6 extension header. For example, the key nodes' actual sequential positions, the forwarding proof, and the vector commitment are carried in a TLV of the SRH; as another example, in a TLV of the HBH; as yet another example, in a TLV of the DOH.

When data is transmitted over the APN6 protocol, in one possible implementation the actual sequential positions of the key nodes, the forwarding proof and the vector commitment are carried in the APN header; for example, they are carried in the application-aware network identifier (APN ID) of the APN header. When data is transmitted over the VxLAN protocol, in one possible implementation they are carried in the VxLAN header, which suits scenarios such as VxLAN-based virtualized networks or interconnection across data centers and provides the ability to verify the data source inside a VxLAN tunnel. When data is transmitted over the IPSec protocol, in one possible implementation they are carried in the IPSec header, so that data-source verification and secure transmission are achieved under IPSec; this suits scenarios such as IPSec-based virtual private networks (VPNs) or secure communications and provides the ability to verify the data source inside an IPSec tunnel. When data is transmitted over the MPLS protocol, in one possible implementation they are carried in the MPLS header. For example, the forwarding path includes a label switched path, and each of node_1, node_2…node_N in the forwarding path includes an LSR of that label switched path, so that data-source verification and secure transmission are achieved under MPLS; this suits scenarios such as MPLS-based multi-layer label switching, service provider networks or inter-domain communication and provides a mechanism for verifying the data source in an MPLS network. When data is transmitted over the SFC protocol, in one possible implementation the forwarding proof is carried in the NSH; for example, the actual sequential positions of the key nodes, the forwarding proof and the vector commitment are carried in the metadata field of the NSH.

In one possible implementation, the actual sequential position of the key node, the forwarding proof and the vector commitment are carried in different fields of the same packet header.

By way of example, data packet _i+1 includes an IPv6 extension header, and the IPv6 extension header includes the forwarding proof of forwarding node _i and the vector commitment. For instance, the IPv6 extension header of data packet _i+1 includes an SRH with a first TLV, a second TLV and a third TLV: the first TLV of the SRH includes the forwarding proof of forwarding node _i, the second TLV of the SRH includes the vector commitment, and the third TLV of the SRH includes the actual sequential position of the key node. Alternatively, the IPv6 extension header of data packet _i+1 includes an APN header, the APN header includes an APN ID, and the APN ID includes the forwarding proof of forwarding node _i and the vector commitment. Alternatively, the IPv6 extension header of data packet _i+1 includes a DOH with a first TLV, a second TLV and a third TLV: the first TLV of the DOH includes the forwarding proof of forwarding node _i, the second TLV of the DOH includes the vector commitment, and the third TLV of the DOH includes the actual sequential position of the key node. Alternatively, the IPv6 extension header of data packet _i+1 includes an HBH with a first TLV, a second TLV and a third TLV: the first TLV of the HBH includes the forwarding proof of forwarding node _i, the second TLV of the HBH includes the vector commitment, and the third TLV of the HBH includes the actual sequential position of the key node.

By way of example, data packet _i+1 includes an NSH, the NSH includes a metadata field, and the metadata field includes the forwarding proof of forwarding node _i and the vector commitment; or data packet _i+1 includes an MPLS header that includes the forwarding proof of forwarding node _i and the vector commitment; or data packet _i+1 includes a VxLAN header that includes the forwarding proof of forwarding node _i and the vector commitment; or data packet _i+1 includes an IPsec header that includes the forwarding proof of forwarding node _i and the vector commitment.

Placing the forwarding proof and the vector commitment in the same packet header helps simplify the packet's format and structure: no additional header is needed to carry the forwarding proof and the vector commitment separately, which reduces the packet's complexity and redundancy. It also simplifies the node's processing logic. For example, after receiving data packet _i+1, node_i needs to parse the packet header only once to obtain both the forwarding proof and the vector commitment, so its processing logic is clearer and more concise and the processing is less complex.

In some embodiments, after each key node computes its forwarding proof, it replaces the forwarding proof carried in the header of the data packet with the forwarding proof it computed. For example, key node B receives data packet A carrying forwarding proof A; after computing forwarding proof B, key node B replaces forwarding proof A carried in data packet A with forwarding proof B to obtain data packet B, which includes forwarding proof B but not forwarding proof A. Similarly, key node C receives data packet B carrying forwarding proof B; after computing forwarding proof C, key node C replaces the carried forwarding proof B with forwarding proof C to obtain data packet C, which includes forwarding proof C but not forwarding proof B. Because each key node replaces the forwarding proof computed by the previous node, the data packet needs to carry only one forwarding proof; this avoids the growth in packet size that would result from carrying the forwarding proof of every key node passed along the way, and so saves transmission overhead and bandwidth.

In other embodiments, after each key node computes its forwarding proof, it adds the forwarding proof it computed to the header of the data packet. For example, key node B receives data packet A carrying forwarding proof A; after computing forwarding proof B, key node B appends forwarding proof B after forwarding proof A in the data packet to obtain data packet B, which includes both forwarding proof A and forwarding proof B. Similarly, key node C receives data packet B carrying forwarding proof A and forwarding proof B; after computing forwarding proof C, key node C appends forwarding proof C after forwarding proofs A and B to obtain data packet C, which includes forwarding proofs A, B and C. Because each key node adds its own forwarding proof to those computed by the previous nodes, the data packet carries the forwarding proof of every key node passed along the way, and the identity and sequential position of every key node the data packet has traversed can be verified, which gives stronger trustworthiness.
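The two header-handling variants just described, replacement (only the latest key node's proof stays in the packet) and accumulation (every traversed key node's proof stays), as an added Python encoder/decoder written for this page rather than taken from the application. It assumes a header made of three TLVs in the order the text gives (first TLV = forwarding proof(s), second TLV = vector commitment, third TLV = actual position list); the numeric type codes, the Type(1)/Length(2) layout, the inner encoding of the proof list and the proof bytes themselves are constructed for the example, and the parser rejects truncated or overrunning TLVs rather than reading past the buffer.

```python
import struct
from typing import List, Tuple

# Type codes are constructed for this example: the description names a first,
# second and third TLV but fixes no numeric codes, so these values are assumptions.
TLV_PROOF, TLV_COMMITMENT, TLV_POS_LIST = 0x01, 0x02, 0x03


def encode_tlvs(tlvs: List[Tuple[int, bytes]]) -> bytes:
    """Serialise (type, value) pairs as Type(1) Length(2) Value."""
    out = bytearray()
    for t, v in tlvs:
        if not 0 <= t <= 0xFF or len(v) > 0xFFFF:
            raise ValueError("TLV type or length out of range")
        out += struct.pack("!BH", t, len(v)) + v
    return bytes(out)


def decode_tlvs(buf: bytes) -> List[Tuple[int, bytes]]:
    """Parse TLVs, refusing truncated headers or lengths that overrun the buffer."""
    tlvs, off = [], 0
    while off < len(buf):
        if off + 3 > len(buf):
            raise ValueError("truncated TLV header")
        t, ln = struct.unpack_from("!BH", buf, off)
        off += 3
        if off + ln > len(buf):
            raise ValueError("TLV length exceeds buffer")
        tlvs.append((t, bytes(buf[off:off + ln])))
        off += ln
    return tlvs


def build_header(commitment: bytes, proofs: List[bytes], pos_list: List[int]) -> bytes:
    """Proof TLV value: count(1), then len(2)+bytes per proof; position list: one uint16 per hop."""
    if len(proofs) > 0xFF:
        raise ValueError("too many proofs")
    proof_val = bytes([len(proofs)]) + b"".join(struct.pack("!H", len(p)) + p for p in proofs)
    pos_val = b"".join(struct.pack("!H", p) for p in pos_list)
    return encode_tlvs([(TLV_PROOF, proof_val), (TLV_COMMITMENT, commitment), (TLV_POS_LIST, pos_val)])


def parse_header(buf: bytes) -> Tuple[bytes, List[bytes], List[int]]:
    """Inverse of build_header; insists on exactly the three TLVs in the expected order."""
    tlvs = decode_tlvs(buf)
    if [t for t, _ in tlvs] != [TLV_PROOF, TLV_COMMITMENT, TLV_POS_LIST]:
        raise ValueError("header must carry exactly the three expected TLVs")
    pv, proofs, off = tlvs[0][1], [], 1
    if not pv:
        raise ValueError("empty proof TLV")
    for _ in range(pv[0]):
        if off + 2 > len(pv):
            raise ValueError("truncated proof entry")
        (ln,) = struct.unpack_from("!H", pv, off)
        off += 2
        if off + ln > len(pv):
            raise ValueError("proof entry exceeds TLV")
        proofs.append(pv[off:off + ln])
        off += ln
    if off != len(pv):
        raise ValueError("trailing bytes in proof TLV")
    pos_val = tlvs[2][1]
    if len(pos_val) % 2:
        raise ValueError("odd position list length")
    pos_list = list(struct.unpack("!%dH" % (len(pos_val) // 2), pos_val))
    return tlvs[1][1], proofs, pos_list


def forward_replace(buf: bytes, my_proof: bytes, my_hop: int) -> bytes:
    """Replacement variant: the outgoing packet carries only this key node's proof."""
    commitment, _, pos_list = parse_header(buf)
    return build_header(commitment, [my_proof], pos_list + [my_hop])


def forward_append(buf: bytes, my_proof: bytes, my_hop: int) -> bytes:
    """Accumulating variant: this key node's proof is appended after the earlier ones."""
    commitment, proofs, pos_list = parse_header(buf)
    return build_header(commitment, proofs + [my_proof], pos_list + [my_hop])
```

In both variants the actual position list keeps growing, since the text keeps that list cumulative; only the proof TLV differs. The size difference between the two outgoing headers is exactly the bytes of the earlier proofs, which is the bandwidth trade-off the two embodiments describe.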

Transmission method 2 for the actual sequential position: constructing a separate packet to announce the actual sequential position of the key node

The first forwarding node generates a notification packet, which carries the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path; the first forwarding node sends the notification packet to the verification node.

In some embodiments, the notification packet is a management plane protocol packet. For example, the notification packet is a NETCONF packet that carries the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path.

In some embodiments, the notification packet is a control plane protocol packet. For example, the notification packet is a packet of a control plane protocol such as border gateway protocol flow specification (BGP flow spec or BGP FS for short), path computation element protocol (PCEP), BGP monitoring protocol (BMP), the netstream protocol, or border gateway protocol (BGP).

In some embodiments, the notification packet is an application layer protocol packet. The notification packet includes a hypertext transfer protocol (HTTP) message, and the payload field of the HTTP message includes the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path.

In some embodiments, the first forwarding node is the last key node in the expected forwarding path, and the second forwarding node includes all key nodes in the expected forwarding path other than the first forwarding node.

The embodiments of this application provide three verification modes for the forwarding proof; the way the forwarding proof is determined and transmitted differs between them. The following describes, with further examples, how the forwarding proof is determined and transmitted in each of the three modes. The real-time verification mode and the on-path verification mode are each further divided into two sub-modes, single-point and multi-point; the end-point verification mode has no single-point sub-mode, only a multi-point sub-mode.

Verification mode 1: real-time verification (postcard) mode

"Real-time" in real-time verification means that the forwarding proof is verified in real time relative to the moment the data packet is received. In the real-time verification mode, when each key node in the actual forwarding path processes the data packet, it computes a forwarding proof and sends it to the verification node out of band, that is, the single-point forwarding proof is not sent along the actual forwarding path of the service data itself. The verification node, deployed outside the actual forwarding path, verifies the forwarding proof in real time; the key nodes themselves do not need to verify forwarding proofs.

The real-time verification mode specifically includes a verification sub-mode for single-point forwarding proofs (the OP sub-mode) and a verification sub-mode for multi-point forwarding proofs (the MP sub-mode). In the single-point sub-mode of the real-time verification mode, each key node computes and sends its own single-point forwarding proof; computing a single-point forwarding proof requires no identity information of the previous key node or of multiple upstream key nodes. In the multi-point sub-mode of the real-time verification mode, each key node learns the identity information of the upstream key nodes r_1 to r_i-1 through control plane pre-distribution, from the data packets carrying the service data, or by other means.

When the real-time verification mode is adopted, both the key node determining the forwarding proof and the verification node verifying it use the sequential positions in the expected forwarding path, for example 1, 2, 3, 4; neither uses the sequential positions in the actual forwarding path. The sequential position of a key node in the actual forwarding path takes no part in computing or verifying the forwarding proof; it is kept as evidence.

In some embodiments, when the real-time verification mode is adopted, whether in the single-point or the multi-point sub-mode, the key node sends its sequential position in the actual forwarding path to the verification node so that non-key nodes are also recorded.

For example, refer to Figure 3, which shows the architecture of a trusted path network system provided by an embodiment of this application. The system 10 shown in Figure 3 includes a controller, key nodes and a verification node. In system 10, the expected forwarding path passes through four key nodes: key node 1 is the head node, key node 4 is the tail node, and key nodes 2 and 3 are intermediate nodes. The verification node is connected to key nodes 1, 2, 3 and 4 of Figure 3 through a communication network. In some embodiments, the verification node is the controller of Figure 3. Optionally, the controller and the verification node in the system of Figure 3 are integrated on the same device; in other words, the controller not only obtains and sends the vector commitment but also verifies the forwarding proof.

During data transmission at key node 1 (where key node 1 is a key node), key node 1 constructs a new data packet from the payload data. The header of the data packet carries the trusted path identifier and the path information, the path information carries the identity information of every key node in the expected forwarding path, and the payload field of the data packet carries the payload data. Key node 1 computes its single-point forwarding proof OP_1 with the open function, or computes its multi-point forwarding proof MP_1 with the batchopen function; key node 1 obtains its sequential position in the actual forwarding path; key node 1 sends that sequential position together with its forwarding proof to the verification node outside the actual forwarding path, and forwards the data packet to the second key node.

During data transmission at the i-th key node, the i-th key node receives data packet _i from the previous key node. The header of data packet _i carries the trusted path identifier and the path information. The i-th key node verifies that the source of data packet _i is correct. If the source verification passes, the i-th key node computes its forwarding proof, obtains its sequential position in the actual forwarding path, sends that sequential position together with its forwarding proof to the verification node outside the actual forwarding path, and forwards the data packet to the next key node i+1. If the source verification of data packet _i fails, the i-th key node discards data packet _i without computing a forwarding proof.

During real-time verification, the verification node receives the forwarding proof from the i-th key node and verifies it against the vector commitment.

When single-point forwarding proofs are used, the i-th key node computes a single-point forwarding proof OP_i taking as input its identity information r_i and its sequential position i in the expected forwarding path, and sends OP_i together with its sequential position in the actual forwarding path to the verification node. The verification node, taking as input the vector commitment C, the identity information r_i of the i-th key node, the sequential position i of the i-th key node in the expected forwarding path and the single-point forwarding proof OP_i computed by the i-th key node, executes the verification function Verify(C,i,r_i,OP_i) of the vector commitment scheme, that is, it verifies that the identity information of the key node at sequential position i is r_i. Here C denotes the vector commitment, i the sequential position in the expected forwarding path, r_i the identity information of the i-th key node, and OP_i the single-point forwarding proof computed by the i-th key node.

When multi-point forwarding proofs are used, the i-th key node computes a multi-point forwarding proof MP_i taking as input the identity information of every node from the first key node r_1 to itself r_i and the sequential position of each of those nodes in the expected forwarding path, and sends MP_i together with its sequential position in the actual forwarding path to the verification node located outside the actual forwarding path. The verification node, taking as input the vector commitment C, the identity information r_1 to r_i of every key node from the first to the i-th, the sequential positions of those key nodes in the expected forwarding path and the multi-point forwarding proof MP_i of the i-th key node, executes the batch verification function batch verify(C,B,r_B,MP_i) of the vector commitment scheme, where B=(r_1,r_2,…,r_i). Here C denotes the vector commitment, r_B the set of identity information of every node from the first key node r_1 to the current node r_i, B the set of sequential positions in the expected forwarding path of every node from the first key node r_1 to the i-th key node r_i, and MP_i the multi-point forwarding proof computed by the i-th key node.

By way of example, in the real-time verification mode, whether in the single-point or the multi-point sub-mode, the key node constructs an additional separate data packet while transmitting the service data. This data packet carries the node's actual sequential position and its forwarding proof and does not need to carry service data. The key node sends this data packet outward. For example, when the service data arrives at the i-th key node, the data packet sent outward by the i-th key node contains the content shown below.

In the real-time verification mode of this embodiment, every key node passed during the actual transmission of the data packet computes and sends its own forwarding proof, so the identity and sequential position of every key node the data packet actually traverses are verified, and security is guaranteed hop by hop. Moreover, because any key node can compute and send its forwarding proof as soon as it receives the data packet, an observer can obtain and verify the forwarding proof in real time; unlike the end-point verification mode, there is no need to wait until the data packet reaches the last key node before verifying, which gives real-time, transparent tracking of the transmission and a smaller attack window. In addition, because the forwarding proof and the sequential position in the actual forwarding path are both sent to the external verification node (observer), public auditing of both is supported. The real-time verification mode can therefore significantly improve the security of data transmission.

Verification mode 2: on-path verification (passport) mode

In the on-path verification mode, when each key node i in the actual forwarding path processes the data packet, key node i computes its forwarding proof p_i and adds it to the data packet that travels along the path. Key node i sends data packet _i+1, which includes forwarding proof p_i. Because the sent data packet carries the forwarding proof, the proof is forwarded along with the data packet to the next key node i+1, which then verifies forwarding proof p_i. Each key node i also acts as an observer: before computing its own forwarding proof p_i, key node i verifies the forwarding proof p_i-1 of the previous key node i-1, which reduces the risk of the data packet having an incorrect source. The forwarding proof p_i is, for example, a single-point proof OP or a multi-point proof MP.

The on-path verification mode specifically includes a verification sub-mode for single-point forwarding proofs (the OP sub-mode) and a verification sub-mode for multi-point forwarding proofs (the MP sub-mode).

In the single-point sub-mode of the on-path verification mode, each key node computes its single-point forwarding proof OP_i and adds it to the data packet, so that OP_i travels together with the service data to the next key node. Computing a single-point forwarding proof requires no identity information of the previous key node or of multiple upstream key nodes.

In the multi-point sub-mode of the on-path verification mode, each key node learns the identity information of the first key node r_1 through the previous key node r_i-1 by control plane pre-distribution, from the data packets carrying the service data, or by other means. Each key node computes its multi-point forwarding proof MP_i from the identity information and sequential position of every node from the first key node r_1 to itself, and adds MP_i to the data packet, so that MP_i travels together with the service data to the next key node.

Optionally, in the on-path verification mode, whether in the single-point or the multi-point sub-mode, the first key node adds an actual sequential position list to the data packet, and each key node i appends its own sequential position in the actual forwarding path to the actual sequential position list carried in the data packet, so as to record the actual sequential position of every key node in the part of the path the data packet has already traversed.

For example, refer to Figure 4. Forwarding node_2, forwarding node_3 and key node 4 in Figure 4 are all verification nodes: forwarding node_2 verifies the forwarding proof p_1 of key node 1, forwarding node_3 verifies the forwarding proof p_2 of forwarding node_2, and key node 4 verifies the forwarding proof p_3 of forwarding node_3 in Figure 3.

During data transmission at key node 1 (where key node 1 is a key node), key node 1 computes its single-point forwarding proof OP_1 with the open function, or its multi-point forwarding proof MP_1 with the batchopen function; key node 1 obtains its sequential position in the actual forwarding path; key node 1 then constructs a new data packet from the vector commitment, the payload data, its forwarding proof and its sequential position in the actual forwarding path. The header of the data packet carries the trusted path identifier, the vector commitment, the forwarding proof of key node 1, the path information and the actual sequential position list; the path information carries the identity information of every key node in the expected forwarding path; the payload field of the data packet carries the payload data. The actual sequential position list includes the sequential position of key node 1 in the actual forwarding path.

When the i-th key node performs data transmission, it receives data packet_i from the (i-1)-th key node. The header of packet_i carries the trusted path identifier, the path information (the identity information of every key node on the expected forwarding path) and the forwarding proof of the (i-1)-th key node. The i-th key node verifies that proof. If it verifies, the source of packet_i is accepted: the i-th key node computes its own forwarding proof, replaces the previous key node's proof in the header with it, and appends its own position in the actual forwarding path to the actual-position list, thereby obtaining packet_(i+1), which carries the payload data of packet_i, the actual-position list and the i-th key node's forwarding proof. The i-th key node then forwards the packet to the (i+1)-th key node. If the (i-1)-th key node's proof fails verification, the i-th key node does not compute a forwarding proof and discards packet_i.

With single-point forwarding proofs, the i-th key node verifies the previous key node's proof by checking the single-point proof OP_(i-1) carried in the header against the identity information of the (i-1)-th key node and that node's position in the expected forwarding path. To compute its own proof, the i-th key node takes its public identity r_i and its position i in the expected forwarding path as input and computes the single-point proof OP_i, which replaces OP_(i-1) in the header of packet_i.

With multi-point forwarding proofs, packet_i optionally also carries the actual-path positions of key nodes 1 through i. To verify the first part of the path, the i-th key node checks the multi-point proof MP_(i-1) carried in the packet against the identity information and expected-path positions of key nodes 1 through i-1. To compute its own proof, the i-th key node takes the identity information r_1, ..., r_i and the expected-path positions of key nodes 1 through i as input and computes the multi-point proof MP_i, which replaces MP_(i-1) in the header of packet_i.

In the in-path verification mode, the positions a key node uses, both when computing its own forwarding proof and when verifying the previous key node's proof, are always positions in the expected forwarding path (for example 1, 2, 3, 4), never positions in the actual forwarding path. A key node's actual position takes no part in computing or verifying forwarding proofs; it is recorded only as evidence. This is what makes the check meaningful: a node can only produce a proof for the position the commitment assigns to it, so a packet that skipped a hop or took an unexpected one arrives with a proof that does not open the commitment at the position the verifier expects.

By way of example, in the in-path verification mode, whether single-point or multi-point proofs are being verified, each key node adds its actual position and its forwarding proof to the data packet while the service data is in transit, and sends the packet (service data, actual position and forwarding proof) to the next key node, so that the actual position and the proof travel along the forwarding path together with the service data. For example, when the service data reaches the i-th key node, the packet that the i-th key node sends to the next key node contains the content shown below; the packet header carries the actual sequence numbers and the forwarding proof shown below.

In the in-path verification mode of this embodiment, every key node the packet actually traverses computes its own forwarding proof and verifies the previous key node's proof, so the identity and position of every key node actually traversed are verified and security is guaranteed hop by hop. Because the proof rides in the header of the service data packet rather than in a separately constructed packet, computation and communication costs are moderate, as are the protocol flow and its complexity; the mode is a compromise between the other two.

Furthermore, having each key node verify the single-point forwarding proof of the previous key node brings benefits including, but not limited to, the following.

First, a lower probability of spoofing and tampering. Because each key node's verification builds on the previous hop's, the hops form a continuous verification chain: as soon as a key node is found to be spoofing, the following key nodes can stop forwarding immediately, which reduces the probability that any hop on the path impersonates a node or spoofs or tampers with packets, and improves network security.

Second, path integrity. Because each key node's single-point proof is verified by the next hop, the risk that some node's proof on the path escapes verification is reduced, and every hop on the entire path can be verified step by step to be in the correct position, with almost no gaps or breaks.

Third, privacy protection. Verifying the previous key node's single-point proof needs no identity information or relative position of any node other than that previous node, so each key node's identity and relative position need be exposed only to the next key node and to no other key node. This protects the privacy of key nodes to a degree and lowers the risk of identity and position leakage.

Fourth, position correctness. Because each key node's forwarding proof is derived from its identity information and its position, verifying each single-point proof verifies whether the key node forwarded the packet from its expected position.

Furthermore, having each key node verify the multi-point forwarding proof covering the key nodes of the first part of the path brings benefits including, but not limited to, the following.

First, efficiency. Compared with each node verifying a single-point proof individually, a multi-point proof verifies the proofs of several key nodes at once, using batching to improve verification performance over the whole path and saving time spent computing and verifying proofs.

Second, fewer verifications. Verifying one proof for several key nodes reduces the number of verifications actually performed. For m key nodes on the forwarding path, verifying each node's single-point proof takes m verifications; verifying one multi-point proof covering the m nodes verifies all m at once, reducing the count to one, which lowers the number of verifications across the path and speeds verification up.

Third, better scalability. Unlike the single-point approach, the time to compute and verify a multi-point proof grows hardly at all with the number of nodes on the path, so even when the path contains many more key nodes to verify, verification cost barely increases; thanks to batching, overall performance stays high.

Fourth, combined results for several key nodes. As with single-point proofs, the verification results for several key nodes on the path can be combined so that verification covers the position and identity of every key node on the whole path, giving a complete verification of the entire path.

Verification mode three: endpoint verification (final_only) mode

In the endpoint verification mode, the tail node of the forwarding path also acts as the observer. The tail node obtains a forwarding proof from the relative position and identity information of every forwarding node on the path (itself included) and verifies it. Refer to Figure 5, a schematic diagram of a forwarding-proof verification scenario in the endpoint verification mode according to an embodiment of this application. The scenario in Figure 5 takes a forwarding path of 4 forwarding nodes as an example; key node 4 in Figure 5 is a specific example of a tail node acting as the verification node. The path may have more or fewer forwarding nodes: it may have only two, in which case the second forwarding node (node_2 in Figure 5) acts as the verification node, or it may have tens, hundreds or more.

When key node 1 (being a key node) performs data transmission, it constructs a new data packet from the vector commitment, the payload data and its own position in the actual forwarding path. The packet header carries the trusted path identifier, the vector commitment, the path information and the actual-position list, which contains key node 1's actual position; the payload field carries the payload data.

When the i-th key node, as an intermediate node, performs data transmission, it neither computes nor verifies a forwarding proof; it verifies the packet's source by some means other than forwarding-proof verification. It appends its own position in the actual forwarding path to the actual-position list carried by packet_i, recording its actual position by maintaining that list.

The last key node (the tail node) receives packet_N, whose header carries the trusted path identifier and the path information P = (r_1, r_2, ..., r_N), the identity information of every key node on the expected forwarding path, where r_i is the publicly verifiable identity of forwarding node i. To compute the forwarding proof, the tail node obtains the multi-point proof MP_N from the identity information of key nodes r_1 through r_N and their positions in the expected forwarding path. To verify it, the tail node takes MP_N, the vector commitment C and the path information P and, under the vector commitment mechanism, runs the batch verification function batch verify(C, MP_N, P) over C, the expected position of every key node in P and the identity information of every node in P; this verifies that the key node at every position i of the whole actual forwarding path has identity r_i. The tail node also extracts the actual-position list from packet_N and stores it.

By way of example, in the endpoint verification mode, whether single-point or multi-point proofs are being verified, because every key node adds its actual position to the packet carrying the service data, the packet carries, in addition to the service data, the actual position of every key node it has already passed. When the packet reaches the i-th key node, it contains the following in addition to the service data.

In the endpoint verification mode of this embodiment, no key node on the path other than the tail node computes or verifies a forwarding proof; the proof is computed and verified once, at the tail node, so the total overhead across all key nodes on the path is small.

Moreover, because no hop on the path has to send a forwarding proof to the verification node, the forwarding nodes save the cost of generating and transmitting packets to carry proofs, and the bandwidth that proofs would consume in the network is saved as well.

Verifying against the identity information and relative position of every key node on the path is only an example. Other implementations of this application support tracing and verifying the key nodes within a chosen range preceding the present key node. The verifier can set the traceability range as needed, and different key nodes can be responsible for verifying different parts of the path, giving more flexible and adjustable traceability. The following takes verification of the two or three key nodes preceding a key node as an example.

In another possible implementation, key node i verifies the forwarding proof against the vector commitment and the identity information and relative positions of the two key nodes preceding it on the path, so it can trace and verify the correctness of those two nodes. For example, the third key node verifies the proof it receives against the vector commitment and the identity information and relative positions of the first and second key nodes; the fifth key node verifies the proof it receives against the vector commitment and the identity information and relative positions of the third and fourth key nodes.

In another possible implementation, key node i verifies the forwarding proof against the identity information and relative positions of the three key nodes preceding it on the path together with the vector commitment, so it can trace and verify the correctness of those three nodes. For example, the fourth key node verifies the proof it receives against the identity information and relative positions of the first, second and third key nodes and the vector commitment; the seventh key node verifies the proof it receives against the identity information and relative positions of the fourth, fifth and sixth key nodes and the vector commitment.

In one possible implementation, when a key node determines that the forwarding proof carried by a packet fails verification, it discards the packet. Discarding such packets blocks the onward transmission of data from an illegitimate source and improves network security. Specifically, a failed proof verification indicates that the packet's origin is suspect, for example that before reaching this node the packet skipped a node on the path or passed through an extra node that was not specified. By discarding the packet, the key node prevents a packet of questionable origin from travelling on to the next node, which quickly stops its further propagation, lowers the probability of unauthorized data access and tampering, reduces the likelihood of network attacks, and improves network security.
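The following is an added example, not code from the patent, that ties together the in-path mode (open / batchopen at each hop, verify the previous hop, replace the proof, append the actual position), the final_only mode (intermediate nodes only append positions, the tail node runs batch verify over the whole path), the windowed variant (a multi-point proof over positions i-2 and i-1 only) and the drop-and-alarm decision above. The patent's vector commitment is KZG; here a Merkle tree over (expected position, identity) leaves is swapped in as an assumed stand-in so that commit, open, batchopen, verify and batch_verify keep the same interface and the same position-binding property without pairing arithmetic. The identities r_1..r_4, the packet layout and the alarm format are constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field

# Assumed stand-in for the patent's KZG vector commitment: a Merkle tree whose
# leaf i binds identity r_i to expected position i. Same interface as the
# patent's commit / open / batchopen / verify / batch verify.

def H(*parts):
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

def leaf(pos, identity):
    return H(b"leaf", pos.to_bytes(4, "big"), identity.encode())

def _pad(level):
    return level + [level[-1]] if len(level) % 2 else level

def _levels(path):
    level = [leaf(i + 1, r) for i, r in enumerate(path)]
    levels = [level]
    while len(level) > 1:
        level = _pad(level)
        level = [H(b"node", level[k], level[k + 1]) for k in range(0, len(level), 2)]
        levels.append(level)
    return levels

def commit(path):
    """Vector commitment C to the expected path P = (r_1, ..., r_N)."""
    return _levels(path)[-1][0]

def open_at(path, pos):
    """Single-point proof OP_pos: sibling hashes from leaf pos up to the root."""
    proof, idx = [], pos - 1
    for level in _levels(path)[:-1]:
        proof.append(_pad(level)[idx ^ 1])
        idx //= 2
    return proof

def verify(C, pos, identity, proof):
    """Does proof open C at expected position pos to identity?"""
    node, idx = leaf(pos, identity), pos - 1
    for sib in proof:
        node = H(b"node", node, sib) if idx % 2 == 0 else H(b"node", sib, node)
        idx //= 2
    return node == C

def batch_open(path, positions):
    # Multi-point proof MP over any set of positions (a KZG batch proof is one
    # group element; here it is simply the collection of single-point proofs).
    return {pos: open_at(path, pos) for pos in positions}

def batch_verify(C, claims, proof):
    """claims maps expected position -> identity; every claim must open C."""
    return set(claims) == set(proof) and all(
        verify(C, pos, ident, proof[pos]) for pos, ident in claims.items())

@dataclass
class Packet:
    C: bytes                 # vector commitment
    P: list                  # path information: expected identities r_1..r_N
    payload: bytes
    proof: object = None     # forwarding proof of the previous key node
    actual_positions: list = field(default_factory=list)   # evidence only

def in_path_hop(pkt, i, actual_pos, mode="single"):
    """Key node i in in-path mode. Returns (packet to forward or None, alarm)."""
    if i > 1:
        if mode == "single":                       # verify OP_(i-1) only
            ok = verify(pkt.C, i - 1, pkt.P[i - 2], pkt.proof)
        else:                                      # verify MP_(i-1): nodes 1..i-1
            ok = batch_verify(pkt.C, {k: pkt.P[k - 1] for k in range(1, i)}, pkt.proof)
        if not ok:                                 # drop and raise an alarm
            return None, {"node": i, "event": "forwarding proof of key node %d failed; packet dropped" % (i - 1)}
    # Proofs use the EXPECTED position i; the actual position is only recorded.
    pkt.proof = open_at(pkt.P, i) if mode == "single" else batch_open(pkt.P, range(1, i + 1))
    pkt.actual_positions.append(actual_pos)
    return pkt, None

def run_in_path(path, hops, mode="single"):
    """hops: (key node i, actual position) pairs in the order the packet really travels."""
    pkt, alarms = Packet(commit(path), list(path), b"payload"), []
    for i, actual_pos in hops:
        pkt, alarm = in_path_hop(pkt, i, actual_pos, mode)
        if alarm:
            alarms.append(alarm)
            return None, alarms
    return pkt, alarms

def run_final_only(path, actual_positions, path_info=None):
    """final_only mode: only the tail node computes MP_N and batch-verifies it
    against C. path_info lets a caller hand the tail a tampered P."""
    C, P = commit(path), list(path_info or path)
    pkt = Packet(C, P, b"payload", actual_positions=list(actual_positions))
    proof = batch_open(P, range(1, len(P) + 1))
    return batch_verify(C, {k: P[k - 1] for k in range(1, len(P) + 1)}, proof), pkt.actual_positions

PATH = ["r_1", "r_2", "r_3", "r_4"]          # constructed expected path
HONEST = [(1, 1), (2, 2), (3, 3), (4, 4)]
SKIPPED = [(1, 1), (2, 2), (4, 3)]            # key node 3 was bypassed
```

Running `run_in_path(PATH, SKIPPED)` shows the failure mode the paragraph describes: key node 4 receives a proof that opens C at position 2, checks it at expected position 3 and drops the packet. `run_final_only(PATH, [1, 2, 3, 4], ["r_1", "r_3", "r_2", "r_4"])` shows the tail node rejecting path information whose order was rewritten in transit, because the commitment binds each identity to its position. The windowed check of the later paragraphs is `batch_verify(C, {i-2: P[i-3], i-1: P[i-2]}, batch_open(P, [i-2, i-1]))`.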

In one possible implementation, when a key node determines that the forwarding proof carried by a packet fails verification, it outputs an alarm indicating the failure. In one possible implementation the key node reports the alarm over a management-plane protocol to a network management system (NMS), an element management system (EMS) or a controller. For example, the key node sends the controller a network configuration protocol (NETCONF) message carrying the alarm and indicating that the forwarding proof failed verification. As another example, it sends the controller a simple network management protocol (SNMP) message carrying the alarm. As further examples, it reports the alarm to the controller through telemetry, or through an interface following the representational state transfer (RESTful) principle, or, using a log management protocol, sends the controller the failure as a log entry; for instance, it sends a Syslog message carrying the alarm, Syslog being the standard UNIX logging protocol for sending log records generated by a device or application to a remote server. In one possible implementation the key node outputs the alarm as a notification sent by SMS, e-mail or instant messaging so that administrators or the security team receive it promptly and respond. In another, the key node outputs the alarm as a log record; for example, key node_i writes the details of the packet_i that failed verification to the system log. In yet another, key node_i sends the alarm to the controller, which presents alarms visually so that administrators can spot problems quickly and act on them.

In one possible implementation, when a key node determines that the forwarding proof passes verification, it forwards the received packet onward.

The KZG polynomial commitment is only one possible way to obtain the vector commitment. It binds the forwarding proof to a position and is efficient, but a vector commitment obtained by other means also binds the forwarding proof to the order of the path.

In other possible implementations, a commitment based on FRI (Fast Reed-Solomon Interactive Oracle Proof of Proximity) is used to obtain and verify the commitment from the identity information and relative positions of the key nodes. FRI is a protocol used in interactive proof systems to check that a committed function is close to a low-degree polynomial, that is, to a Reed-Solomon codeword, without evaluating the whole polynomial term by term. It is built on Reed-Solomon codes and a folding protocol that repeatedly halves the size of the problem, each round committing to a smaller codeword and answering a few spot checks, which greatly reduces the cost of verifying the polynomial.

In other possible implementations, a succinct non-interactive argument of knowledge (SNARK) is used to obtain and verify the commitment from the identity information and relative positions of the key nodes. A SNARK is a proof system in which one party proves that a computation was carried out correctly and that inputs it holds satisfy a given condition. SNARK proofs are non-interactive (the prover generates a single proof and sends it to the verifier) and succinct (the proof is small and verification is fast). Most pairing-based SNARKs depend on a trusted setup, which is the point on which the STARK variant below differs.

In other possible implementations, a scalable transparent argument of knowledge (STARK) is used to obtain the forwarding proof or the vector commitment from the identity information and relative positions of the key nodes, or to verify the forwarding proof against the vector commitment. A STARK is a zero-knowledge proof system that needs no trusted setup, so it is more decentralized and distributed, removes the single point of failure that a setup ceremony would introduce into obtaining forwarding proofs or vector commitments, and offers strong security. STARKs rely on hash functions rather than on discrete-logarithm or pairing assumptions and are therefore considered post-quantum secure, which helps forwarding proofs resist quantum attacks and protects the proofs and identity information more reliably. The proof size grows only polylogarithmically with the size of the computation being proven, and verification is correspondingly fast, so the next-hop key node or the verification node can check a forwarding proof in a short time.

In other possible implementations, Bulletproofs are used to obtain the forwarding proof or the vector commitment from the identity information and relative positions of the key nodes, or to verify the forwarding proof against the vector commitment. Bulletproofs are a zero-knowledge proof technique, most often used to prove that a committed value satisfies a relation such as lying in a given range, with proof size logarithmic in the size of the statement. Like STARKs they need no trusted setup, so they are more decentralized and distributed, avoid a single point of failure in obtaining forwarding proofs or vector commitments, and offer strong security.

In some other possible implementations, an RSA accumulator is used to obtain and verify the commitment based on the identity information and the relative positions of the key nodes. An RSA accumulator is a data structure that accumulates the elements of a set into a single accumulator value so that membership of an element in the set can be verified later. Based on the additive homomorphic property of RSA, an RSA accumulator can verify whether a specific element is contained in the accumulator without disclosing the elements of the set.

In some other possible implementations, an FC function commitment is used to obtain and verify the commitment based on the identity information and the relative positions of the key nodes. An FC function commitment is a commitment mechanism that binds an input to the result of a function computed on it, so that the result can be verified without exposing the input. An FC function commitment can be implemented by combining a zero-knowledge proof system with a commitment mechanism. It can be used to protect privacy and to verify the correctness of computation results.

In some other possible implementations, a Pedersen commitment is used to obtain and verify the commitment based on the identity information and the relative positions of the key nodes. A Pedersen commitment is a commitment mechanism that commits a value or a vector to a hidden value. Pedersen commitments rely on the hardness of the discrete logarithm problem, so that only the committer who knows the hidden value can verify the correctness of the commitment without revealing the actual value.

In some other possible implementations, a Merkle tree commitment is used to obtain and verify the commitment based on the identity information and the relative positions of the key nodes. A Merkle tree commitment is a commitment mechanism that binds multiple elements of a set into a tree structure. The Merkle tree combines the elements level by level with a hash function and produces a root hash, which is the commitment to the entire tree. In the verification phase, only some elements of the set and the hash values on the relevant paths need to be known to verify whether an element belongs to the tree.

In some other possible implementations, a Verkle tree commitment is used to obtain and verify the commitment based on the identity information and the relative positions of the key nodes. A Verkle tree commitment is a commitment mechanism that binds multiple elements of a set into a non-binary tree structure. The Verkle tree commits to each path from the root to a leaf with a polynomial commitment and aggregates multiple paths. In the verification phase, only some elements of the set and the polynomial commitments on the relevant paths need to be known to verify whether an element belongs to the tree.

In some other possible implementations, the source of the data packet is verified with an aggregatable signature. For example, the data packet carries a digital signature. This signature may be the signature of the previous-hop key node i-1, or the aggregated signature of all nodes from node_1 to key node i-1 in the preceding segment. The characteristic of an aggregated signature is that the aggregate of any number of signatures has the same length as a single signature. Given that a public key infrastructure (PKI) exists, that is, the public identities of the nodes are known, key node i can verify the correctness of this signature.

In some other possible implementations, the source of the data packet is verified with a MAC tag: for example, the data packet carries a MAC tag, and key node i verifies the correctness of the MAC tag.

The following examples describe the conditions that trigger a forwarding node to compute the forwarding proof.

In one possible implementation, after key node_i obtains a data packet, key node_i performs the step of obtaining the forwarding proof in response to identifying that the data packet carries a trusted path identifier. The header of the data packet includes the trusted path identifier.

The trusted path identifier indicates that a forwarding proof is to be obtained. For example, the trusted path identifier distinguishes whether the key node currently needs to compute a forwarding proof.

Including a trusted path identifier in the header of the data packet lets a key node decide whether to compute a forwarding proof according to the presence or absence of the identifier. For example, if key node_i determines that the data packet does not carry a trusted path identifier, key node_i uses the original forwarding mechanism and does not need to compute a forwarding proof. Specifically, the effects of including a trusted path identifier in the header include, but are not limited to, the following.

First, greater flexibility. The trusted path identifier provides an optional mechanism that lets key nodes decide whether to compute a forwarding proof according to specific requirements and to changes in those requirements, which improves flexibility and scalability.

Second, simpler configuration and fewer configuration errors. Compared with statically configuring on each key node which packets require a forwarding proof, carrying the trusted path identifier in the packet header removes the need to pre-configure on the key nodes which packets need a forwarding proof, which simplifies the configuration process and reduces its complexity. It also lowers the probability that manual configuration omits the task of obtaining forwarding proofs for certain packets.

Third, saving computing resources: when the data packet does not carry a trusted path identifier, the key node can determine that no forwarding proof needs to be computed, saving computing resources and time and thereby improving overall network performance and efficiency.

In another possible implementation, after key node_i obtains a data packet, key node_i identifies the service type carried in the data packet; in response to identifying that the data packet carries data of a specific service type, it performs the step of obtaining the forwarding proof, thereby providing forwarding proofs for that specific service. For example, in response to identifying that the data packet contains a network service header (NSH) of the service function chaining protocol, key node_i determines that the data packet carries service function chain data and performs the step of obtaining the forwarding proof. As another example, key node_i performs application identification on the payload of the data packet to obtain the application type of the payload; in response to that application type being a target application, it performs the step of obtaining the forwarding proof. The effects of obtaining forwarding proofs only for a specific service include, but are not limited to, the following.

First, flexible and precise matching of service requirements. Deciding whether to compute a forwarding proof according to whether the packet contains data of a specific service means that only data of that service needs a forwarding proof, so forwarding proofs are computed flexibly according to the needs of different services. This meets the individual forwarding-proof requirements of different services and improves the flexibility and customizability of the network.

Second, simpler configuration and fewer configuration errors. Compared with statically configuring on each key node which packets require a forwarding proof, the key node automatically decides whether to generate a forwarding proof by identifying the service carried in the data packet, so there is no need to pre-configure on the key nodes which packets need a forwarding proof; this simplifies the configuration process and reduces its complexity. It also lowers the probability that manual configuration omits the task of obtaining forwarding proofs for certain packets.

Third, saving computing resources: when the data packet does not carry data of the specific service, the key node can determine that no forwarding proof needs to be computed, which avoids spending computing resources on other data that requires no proof, saves computing resources and time, and improves overall network performance and efficiency.

In another possible implementation, after key node_i obtains a data packet, key node_i performs the step of obtaining the forwarding proof in response to identifying that the data packet contains the identifier of each node of a specific tunnel, so that it can be verified whether the data packet was forwarded through that tunnel. For example, in an SRv6 scenario, key node_i performs the step of obtaining the forwarding proof in response to identifying that the data packet carries a segment list. As another example, in an MPLS scenario, key node_i performs the step of obtaining the forwarding proof in response to identifying that the data packet carries a label stack.

The method above is illustrated below with examples from two specific application scenarios.

Example 1: Service function chaining (SFC) trusted path protection mechanism based on KZG polynomial proofs.

In Example 1, the service function chain is a specific instance of a forwarding path, the SF or SFC proxy is a specific instance of a forwarding node (key node), the NSH is a specific instance of a packet header carrying the vector commitment and the forwarding proof, and SF_from is a specific instance of the identity information of a key node. The KZG polynomial commitment is a specific instance of a vector commitment.

A service function chain is an ordered set of service functions that steers traffic through each service function on demand and in order. Service function chains are mainly used in NFV virtual networks. As shown in Figure 6, network devices play different roles in the service function chain architecture according to the functions they provide. The main roles are the service classifier (SC), the service function (SF) node, the service function forwarder (SFF) node and the SFC proxy node.

The classifier (SC) sits at the ingress boundary of the SFC domain. When a packet enters the SFC domain it is first classified, and the service identifier is set and the service header is encapsulated.

SF nodes provide service processing. SF nodes include, but are not limited to, firewalls (FW), load balancers (LB), intrusion prevention systems (IPS), application accelerators, network address translation (NAT), web application firewalls (WAF, also known as website application-level intrusion prevention systems), bandwidth control, virus detection, cloud storage, deep packet inspection (DPI), intrusion detection, hypertext transfer protocol (HTTP) header enrichment, and so on. In a service function chain, network traffic must pass through the SF nodes in the order required by the service logic to deliver the required service.

According to whether the device recognizes the network service header (NSH) encapsulation, SF nodes are divided into NSH-aware SF nodes and NSH-unaware SF nodes. An NSH-aware SF node can recognize and forward NSH packets, whereas an NSH-unaware SF node cannot recognize NSH packets and discards them.

An SFF node is a device that connects SF service function points. The SFF node identifies the service flow information and forwards traffic according to it.

An SFC proxy node sits between an SFF node and the NSH-unaware SF nodes associated with that SFF node, and removes or adds the NSH encapsulation on behalf of the NSH-unaware SF.

In the service function chain scenario, ensuring that traffic is forwarded along the specified network path is a key technical problem. In this embodiment, the NSH-aware SF or the SFC proxy acts as the key node, the vector commitment is constructed with a KZG polynomial commitment, and the NSH header of SFC carries the information related to the trusted path.

The format of an NSH header carrying trusted path information is described below by way of example.

The NSH is the packet header that identifies the SFC protocol. The NSH has a fixed format and reserves an extensible data field, the optional variable-length metadata (OVLM). This embodiment implements the trusted path header in the OVLM.

Figure 7(a) shows the overall encapsulation of a data packet in the service function chain scenario: the data packet consists of the original packet, the transport encapsulation and the network service header (NSH). The original packet is the payload of the data packet and carries the service data being transported. The transport encapsulation carries the transport-layer protocol content (for example TLS). The format of the NSH is described below.

As shown in Figure 7(b), the NSH consists of a 4-byte base header and a 4-byte service path header; the base header provides basic identifiers, and the service path header provides the path identifier and the position within the current path. Optionally, the NSH also includes a context header, which contains the extensible optional variable-length metadata (OVLM) field.

As shown in Figure 7(c), the service path header contains a service index (SI) and a service path identifier (SPI). The SPI occupies 24 bits. The service index (SI) indicates the current position of the data packet on the forwarding path and occupies 8 bits. The format of the service path header is shown in Figure 7. In one possible implementation, SF node_i reads the value of the SI field carried in the service path header, takes it as this node's position_i, and computes this node's forwarding proof p_i from position_i. Since the SI runs from 255 down to 0, decreasing by 1 at each hop, x_i = 256 - SI.

In one possible implementation, after the controller selects a trusted path and computes the commitment C for it, the controller publicly stores the correspondence between the SPI and the commitment C in a blockchain or another distributed shared database, with the SPI serving as the primary key under which the commitment C is looked up.

As shown in Figure 7(d), the context header carries the values related to the trusted path, including the commitment C and the forwarding proof p_i. The context header consists of a metadata class field, a type field, a length field and a variable-length metadata field. The variable-length metadata field carries metadata related to a specific service or function, and the length field indicates its length. In some embodiments the variable-length metadata field carries the trusted path data, for example the four items commitment, forwarding proof, identity information and relative position.

In the service function chain scenario, all three forwarding proof verification modes described above, the real-time verification (postcard) mode, the on-path verification (passport) mode and the endpoint verification (final_only) mode, can be used. This embodiment analyses the single-point proof variant of the on-path verification mode, which offers a moderate balance of efficiency and security:

In the single-point proof variant of the on-path verification mode, the variable-length metadata field of each data packet carries the commitment, the forwarding proof, the identifier of the previous-hop SF node and the list of actual sequential positions. For example, the variable-length metadata field shown in Figure 7(d) contains a commitment field, a P field, an SF_from field and a real_index_list field, so that its format is as shown in the following table.

The commitment field carries the commitment and the P field carries the forwarding proof. Both the commitment and the forwarding proof are G1 group elements of a pairing-friendly curve, so the commitment field and the P field each occupy the byte length of one element (elem_length) in the packet.

Pairing-friendly curves are a class of elliptic curve groups with specific mathematical properties that make them suitable for pairing operations. In cryptography, a pairing maps points on two elliptic curves to an element of a finite field. With curve_ID = BLS-12381, elem_length = 48 bytes; in other words, the commitment field and the P field are each 48 bytes.

The SF_from field carries the identifier of the previous-hop SF node, in plaintext. In some embodiments, SF node_i receives the identifier of the previous-hop SF node from the previous-hop SF node_i-1 and writes it into the SF_from field. In another possible implementation, SF node_i receives the identifier of the previous-hop SF node from the SFC service layer and writes it into the SF_from field.

The SF_ident_length field indicates the length of the SF_from field, for example in bytes.

The real_index_list field carries the list of actual sequential positions. For example, the real_index_list field carries the sequential position, on the actual forwarding path, of each SF node that acts as a key node on the forwarding path. As another example, the real_index_list field carries the TTL of each SF node that acts as a key node on the forwarding path.

The steps performed by each node when the on-path verification mode is used for path verification in the SFC scenario are described below by way of example.

The controller performs path computation on the network topology to determine a forwarding path of length N that passes through N SF nodes of the service function chain. The forwarding path is represented by the vector P = (r_1, r_2, …, r_N), where r_i is the unique identifier of an SF node. The controller computes the vector commitment from the forwarding path.

Taking the KZG polynomial commitment as an example, the controller converts the vector P into N two-dimensional points <(1, r_1), (2, r_2), …, (N, r_N)>. The controller uses formula (1) below to compute the Lagrange interpolation polynomial f(X) through these N points. In formula (1), x_i is the relative position of SF node_i and y_i is the identity information of SF node_i.

The controller computes the secret s with formula (2), which performs the secret initialization. In formula (2), g is the group generator.
[s], [s^2], …, [s^N], where [s^i] = s^i · g; Formula (2)

The controller uses formula (3) to compute the polynomial commitment C = Commit(f(X)) from the Lagrange interpolation polynomial f(X) and the secret s. The commitment C is a 48-byte G1 group element. The controller sends the vector commitment to the first SF node on the forwarding path.

During data transmission at the first SF node, when the first SF node is a key node, it receives the vector commitment from the controller and builds a new data packet from the payload data, which the payload field of the data packet carries. The first SF node uses the open function, formula (4) below, to compute its single-point forwarding proof OP_1.
OP_i = p[f(x_i) = y_i] = C_T; Formula (4)

C_T is the commitment to the auxiliary polynomial T_y(X) of degree N-1. The auxiliary polynomial T_y(X) is determined by formula (5) below.

The new coefficients are determined by formula (6) below.
t_{N-1} = f_N; t_j = f_{j+1} + x_i · t_{j+1}; Formula (6)

The first SF node computes the single-point forwarding proof OP_1 with formula (7) below.
OP_i = [T_y(s)]_1; Formula (7)

The first SF node writes the single-point forwarding proof OP_1 into the P field of the NSH, its own identity information into the SF_from field of the NSH, and the vector commitment C into the commitment field of the NSH, obtaining data packet_2. The first SF node sends data packet_2 to the second SF node.

During data transmission at the i-th SF node, when the i-th SF node is a key node, SF node_i receives data packet_i, whose NSH carries the trusted path identifier, the identity information r_i of the SF node_i currently processing the packet, the sequential position i of SF node_i on the expected forwarding path, and the single-point forwarding proof OP_i-1 of the previous SF node. The sequential position i of SF node_i on the expected forwarding path is obtained from the SI. Using the identity information of the previous SF node_i-1 and the sequential position i of the previous SF node_i-1 on the expected forwarding path, SF node_i verifies the single-point forwarding proof OP_i-1 carried in the NSH of data packet_i, and thereby verifies the source of data packet_i. The verification checks whether the pairing equation in formula (8) below holds.

Formula (8) is the verification equation for the forwarding proof. e(G_1, G_2) -> G_T is a public pairing function, and g_1 and g_2 are the generators (all of them pre-distributed public parameters or functions). If SF node_i finds that the pairing equation in formula (8) does not hold, it determines that the single-point forwarding proof OP_i-1 of the previous SF node fails verification. If SF node_i finds that the pairing equation in formula (8) holds, it determines that the single-point forwarding proof OP_i-1 of the previous SF node passes verification.

If the single-point forwarding proof OP_i-1 of the previous SF node passes verification, SF node_i uses its own identity information r_i and its sequential position i on the expected forwarding path as inputs to formula (4) and computes a new single-point forwarding proof OP_i. SF node_i then replaces the previous SF node's forwarding proof OP_i-1 carried in the packet header with its own OP_i.

In addition, SF node_i determines its sequential position on the actual forwarding path; for example, SF node_i reads the TTL carried in the packet header and derives its actual sequential position from the TTL. SF node_i then appends its actual sequential position to the list of actual sequential positions carried in the NSH of the data packet.

Furthermore, if the single-point forwarding proof OP_i-1 of the previous SF node carried in the data packet fails verification, SF node_i discards the data packet or raises an alarm.
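The polynomial algebra behind the Example 1 procedure, formulas (1), (4), (6) and the identity underlying the pairing check (8), as an added illustration that is not the patent's code. The real scheme evaluates these polynomials inside the G1 group of BLS12-381 using the reference string [s], [s^2], …, so the verifier never learns s; this script works in the plain scalar field with s known, which shows why a proof for a wrong identity or a wrong position fails, not the cryptographic hiding. The SF identities and the secret s are constructed values.

```python
"""Field-only model of the KZG single-point forwarding proof (Example 1)."""

# Scalar field modulus of BLS12-381, the pairing-friendly curve named on the page.
R = 0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFF00000001


def _inv(a):
    """Modular inverse via Fermat's little theorem (R is prime)."""
    return pow(a % R, R - 2, R)


def poly_mul(a, b):
    """Product of two polynomials given as low-degree-first coefficient lists."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % R
    return out


def poly_add(a, b):
    n = max(len(a), len(b))
    a = a + [0] * (n - len(a))
    b = b + [0] * (n - len(b))
    return [(x + y) % R for x, y in zip(a, b)]


def poly_eval(coeffs, x):
    """Horner evaluation of f(x) mod R."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % R
    return acc


def lagrange_interpolate(points):
    """Formula (1): coefficients of the unique f with f(x_i) = y_i for every point."""
    coeffs = [0]
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                basis = poly_mul(basis, [(-xj) % R, 1])  # multiply by (X - x_j)
                denom = denom * (xi - xj) % R
        scale = yi * _inv(denom) % R
        coeffs = poly_add(coeffs, [c * scale % R for c in basis])
    return coeffs


def open_quotient(f, x_i):
    """Formula (6): coefficients of T_y(X) = (f(X) - f(x_i)) / (X - x_i).

    t_{N-1} = f_N ; t_j = f_{j+1} + x_i * t_{j+1}   (synthetic division)
    """
    n = len(f) - 1  # degree N of f
    if n == 0:
        return [0]  # constant f: the quotient is zero
    t = [0] * n
    t[n - 1] = f[n]
    for j in range(n - 2, -1, -1):
        t[j] = (f[j + 1] + x_i * t[j + 1]) % R
    return t


def si_to_position(si):
    """The page's mapping from the NSH Service Index to the node's x_i: x_i = 256 - SI."""
    if not 0 <= si <= 255:
        raise ValueError("SI is an 8-bit field")
    return 256 - si


def check_opening(f, t, x_i, y_i, s):
    """Field analogue of the pairing check (8): f(s) - y_i == T_y(s) * (s - x_i).

    In the real scheme the two sides are the group elements C and OP_i and the
    equality is tested with the pairing e(); the polynomial identity is this one.
    """
    lhs = (poly_eval(f, s) - y_i) % R
    rhs = poly_eval(t, s) * ((s - x_i) % R) % R
    return lhs == rhs


def forwarding_proof_holds(path_ids, claimed_pos, claimed_id, s):
    """Controller commits to P = (r_1..r_N); the node at claimed_pos opens with claimed_id."""
    points = [(i + 1, r) for i, r in enumerate(path_ids)]  # <(1,r_1), ..., (N,r_N)>
    f = lagrange_interpolate(points)           # what the controller commits to
    t = open_quotient(f, claimed_pos)          # what the node computes (formulas 4, 6, 7)
    return check_opening(f, t, claimed_pos, claimed_id, s)  # what the next hop checks (8)


if __name__ == "__main__":
    # Constructed sample path of four SF identities and a constructed secret s.
    PATH = [0x1111, 0x2222, 0x3333, 0x4444]
    S = 0xA5A5A5A5
    print(forwarding_proof_holds(PATH, si_to_position(254), 0x2222, S))  # True
    print(forwarding_proof_holds(PATH, 2, 0x9999, S))  # False: wrong identity
    print(forwarding_proof_holds(PATH, 3, 0x2222, S))  # False: wrong position
```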

Example 2: Trusted path protection mechanism for SRv6

In Example 2, the path indicated by the segment list is a specific instance of a forwarding path. The node corresponding to a SID in the segment list (an SR node) is a specific instance of a forwarding node, the SID is a specific instance of identity information, the SID of key node i identifies key node i, and the SRH is a specific instance of a packet header carrying the vector commitment and the forwarding proof. SRv6 is a segment routing technology based on the IPv6 forwarding plane. SRv6 adds an SRH to IPv6 packets. The SRH contains the segment list, a list of IPv6 addresses that records the forwarding path, and optional TLVs (Type-Length-Value).

In some embodiments, the SID carries the sequential position of the key node in the expected forwarding path. As shown in Figure 8, a SID includes a locator field and a function field. The locator field carries the sequential position of the key node in the expected forwarding path. The locator field also has a locating function: it provides IPv6 routing capability, and packets are addressed and forwarded by the locator field. Key node i uses the SRv6 protocol to compute its sequential position in the expected forwarding path from the locator field of its own SID.

The function field carries an instruction for the forwarding action the forwarding node is to perform; different forwarding behaviours are expressed by different functions. A trusted path identifier is added as an extension of the function field. The arguments field is optional; it supplements the function and holds the parameters used when the instruction is executed, which may contain flow, service or any other related information. In one possible implementation, the public parameters of the trusted path are carried in the arguments field of the SID, so they do not need to be pre-distributed on the control plane.

Multiple SIDs are combined to form a segment list. The segment list indicates an IPv6 path obtained by ordering n IPv6 network nodes. When forwarding a packet, the forwarding node determines the packet's forwarding path P = (r_1, r_2, ..., r_N) from the segment list field together with the source address (SA) and the destination address (DA).

SRv6, a flexible protocol that can carry path information and the addresses of the nodes on the path, is well suited to implementing the multi-point proof verification mode of both the on-path verification mode and the endpoint verification mode.

For the multi-point proof verification mode of the on-path verification mode, the difference from Example 1 is that Example 1 adds the identifier of the previous node (SF_from) to the data packet, whereas in Example 2 the segment list of every data packet already includes the identifier of the previous node (its SID), so no previous-node identifier (SID) needs to be added to the TLV field. Specifically, a commitment field, a proof field (P, here a multi-point proof) and a real_index_list field are added to the TLV in the SRH of the data packet. Since a node identifier (SID) in SRv6 is an IPv6 address, which is 128 bits long, no additional field identifying the length of the node identifier is needed in the packet header either. The packet header format is therefore as follows.

The commitment and the forwarding proof (P) are each one G1 group element of a pairing-friendly curve, so a single element byte length (elem_length) describes both the commitment and the forwarding proof (P). With curve_ID = BLS-12381, the commitment and the forwarding proof (P) are each 48 bytes long. The real_index_list field carries the actual sequential position list. For example, the real_index_list field carries, for each SR node on the forwarding path that is a key node, its sequential position in the actual forwarding path; for example, it carries the TTL of each such SR node.

The following example illustrates the steps that each node performs when the on-path verification mode is applied for path verification in the SRv6 scenario.

The controller performs path computation based on the network topology to determine a segment list of length N, which represents the expected forwarding path. The segment list includes the SID of each of the N SR nodes and can be represented by the vector P = (r_1, r_2, ..., r_N), where r_i is the SID of an SR node. The controller computes the vector commitment from the segment list. The controller sends the vector commitment to key node 1, so that key node 1 carries it in the data packet and passes it along to every SR node, allowing each SR node to perform path verification with the vector commitment obtained from the data packet. Alternatively, the controller sends the vector commitment to each of the N SR nodes, so that each SR node performs path verification with the vector commitment received from the controller.

During data transmission at key node 1 (where key node 1 is a key node), key node 1 receives the vector commitment from the controller and constructs a new data packet from the payload data; the payload field of the data packet carries the payload data. Key node 1 computes its multi-point forwarding proof MP_1 with the batchopen function and adds MP_1 to the P field of the TLV in the SRH. Key node 1 then sends data packet_2 to the second SR node. Data packet_2 contains an SRH that includes the trusted path identifier and the forwarding proof of key node 1.

During data transmission at the i-th SR node, SR node_i receives data packet_i, which contains an SRH carrying the trusted path identifier, the identity information of each SR node from key node 1_1 to the i-th SR node (SR node_i, a key node), and the sequential position in the expected forwarding path of each of those SR nodes. Exemplarily, the sequential positions in the expected forwarding path of the SR nodes from key node 1_1 to SR node_i are the positive integers 1, 2, 3, .... Exemplarily, an SR node's sequential position in the expected forwarding path is obtained from the locator field of its SID. Where the i-th SR node is a key node, SR node_i verifies the multi-point forwarding proof MP_i-1 carried in the SRH of data packet_i using the identity information of each SR node from key node 1_1 to the (i-1)-th SR node and the sequential position of each of those nodes in the expected forwarding path, thereby verifying the source of data packet_i.

If the multi-point forwarding proof MP_i-1 passes verification, SR node_i obtains a multi-point forwarding proof MP_i from the identity information of key node 1_1 through node_i and the sequential positions of node_1 through node_i in the expected forwarding path. Both the identity information of key node 1_1 through node_i and the sequential positions of node_1 through node_i in the expected forwarding path are obtained from the segment list. SR node_i replaces the multi-point forwarding proof MP_i-1 carried in the header of data packet_i with the new multi-point forwarding proof MP_i.

In addition, SR node_i determines its sequential position in the actual forwarding path; for example, SR node_i reads the TTL carried in the header of the data packet and derives its sequential position in the actual forwarding path from the TTL. SR node_i then writes that position into the actual sequential position list carried in the SRH of the data packet.

In addition, if the previous SR node's multi-point forwarding proof MP_i-1 carried in the data packet fails verification, SR node_i discards the data packet or outputs an alarm.

The SRv6 scenario can also be extended to obtain and verify forwarding proofs in the endpoint verification mode. The difference from the on-path verification mode is that, after the controller determines the vector commitment, it passes the vector commitment directly to the tail node (the last SR node).

The tail node receives the SRv6 data packet from the second-to-last SR node and obtains the path information P = (r_1, r_2, ..., r_N) from the segment list in the SRH of the SRv6 data packet, where r_i is the publicly verifiable identity information of a forwarding node; in this embodiment, the identity information of a forwarding node is its SID. The tail node determines the offset of SR node_i's SID relative to the SID of key node 1 to obtain SR node_i's sequential position in the expected forwarding path. The tail node computes a multi-point forwarding proof MP_N covering nodes r_1 through r_N; MP is computed as described above. In some embodiments, the tail node obtains its sequential position in the actual forwarding path from the TTL or by other means, writes it into the actual sequential position list carried in the data packet, and forwards the actual sequential position list. Following the vector commitment mechanism, the tail node executes the batch verification function batch verify(C, MP_N, P) on the vector commitment C, the sequential position of each node on path P and the identity information of each node on path P, to verify the multi-point forwarding proof MP_N, that is, to verify that the node identity at every position i of the whole path is r_i.

When the endpoint verification mode is used in SRv6, the segment list itself already carries the identity information of every node and the relative position of every node, so essentially no modification of the SRv6 data plane is needed to carry node identity information and relative positions. For example, the commitment and the public parameters are delivered to the tail node at the application layer or via the control plane, and the tail node then verifies the forwarding path in one step using the information it already has.

The embodiments above focus on path verification at the node (device) level. The embodiments of this application also provide an AS-level path verification method. The application scenarios of AS-level path verification, the basic terms and concepts involved, and the method flow are illustrated below with examples.

AS-level path verification is mainly applied in cross-AS transmission scenarios, in which a data flow traverses multiple ASs during transmission. Among the ASs the data flow traverses, the AS that communicates with the flow's source host is usually called the source AS, the AS that communicates with the flow's destination host is usually called the destination AS, and the ASs between the source AS and the destination AS are usually called intermediate ASs (transit ASs). For example, referring to Figure 9, the data flow passes through AS100, AS200 and AS300, where AS100 is the source AS, AS200 is the intermediate AS and AS300 is the destination AS.

An AS usually has one or more forwarding nodes deployed in it. Forwarding nodes deployed at different locations in the AS play different roles.

Forwarding nodes deployed at the border of an AS forward service data between ASs. They are also called border network devices and are, for example, ASBRs or PEs. Forwarding nodes deployed at the borders of different ASs usually communicate across ASs using BGP. The forwarding nodes deployed at the border of an AS include those deployed at the ingress of the AS and those deployed at its egress.

A forwarding node deployed at the ingress of an AS forwards service data coming from outside the AS into the AS. One or more forwarding nodes may be deployed at the ingress of an AS. A forwarding node deployed at the ingress of an AS is also called an ingress node, for example an ingress PE. For example, forwarding node Q is deployed at the ingress of AS100 and forwards service data from the source host into AS100; forwarding node B is deployed at the ingress of AS200 and forwards service data from AS100 into AS200.

A forwarding node deployed at the egress of an AS forwards service data from inside the AS to outside the AS. It is also called an egress node, for example an egress PE. In some embodiments, where an AS has neighbour relationships with multiple ASs, the forwarding node deployed at the egress of the AS is also used, after receiving a data packet, to select the next AS from the AS's neighbour ASs and forward the service data to a forwarding node deployed in the selected AS. For example, key node A selects one of AS200 and AS400 as the next AS to which the service data is to be transmitted.

Forwarding nodes deployed inside an AS transmit data within the AS. For example, forwarding node E forwards service data within AS300.

In cross-AS transmission scenarios, it is necessary to verify whether the ASs a data packet is about to traverse, or has already traversed, belong to the ASs on the planned expected path, so as to reduce the risk caused by the data packet passing through an unexpected AS. For example, this reduces the risk of degraded transmission quality caused by the packet passing through an AS whose transmission quality does not meet requirements (for example, latency or packet loss rate out of specification), or the security risk caused by the packet passing through an AS whose security does not meet requirements (for example, an AS already identified as a security risk).

In view of this, in some embodiments of this application, the forwarding proof of the AS being verified is obtained from the identity information and the sequential position of that AS, and the forwarding proof is compared with the vector commitment to determine whether the AS being verified is the expected AS and/or whether its sequential position is the expected sequential position, thereby realising AS-level path verification.

The AS being verified includes, without limitation, the current AS, a neighbour AS of the current AS, the current AS and/or each AS from the source AS to the current AS. A neighbour AS of the current AS is an AS that has a neighbour relationship with the current AS (the AS the data packet has currently been transmitted to). For example, the neighbour ASs of the current AS include the previous AS of the current AS on the forwarding path (also called the previous-hop AS) or the next AS of the current AS on the forwarding path. For example, when the data packet has been transmitted to key node A, the current AS is AS100 and its neighbour ASs include AS200 and AS400. As another example, when the data packet has been transmitted to key node B, the current AS is AS200, its neighbour ASs include AS200 and AS400, and the ASs from the source AS to the current AS are AS100 and AS200. As another example, when the data packet has been transmitted to key node D, the current AS is AS300, its neighbour ASs include AS200 and AS400, and the ASs from the source AS to the current AS are AS100, AS200 and AS300.

In some embodiments, the entity responsible for verifying the forwarding proof of the AS being verified is a forwarding node located at the border of the current AS. The forwarding nodes at the border of the current AS include the forwarding node at the ingress of the current AS and the forwarding node at its egress. Since the forwarding nodes at the AS border are the ones that forward service data between ASs, having them verify the forwarding proof of the AS being verified improves the security of forwarding service data between ASs.

In some embodiments, the forwarding node at the egress of the current AS is responsible for computing the forwarding proof of the next AS after the current AS and performing path verification on that next AS against the AS-level vector commitment. Verifying the next AS helps confirm that the AS the data packet is about to enter is the expected AS specified by the path planner, reducing the risk of route hijacking attacks.

In some embodiments, the forwarding node at the ingress of the current AS is responsible for computing the forwarding proof of the previous AS before the current AS and performing path verification on that previous AS against the AS-level vector commitment. Verifying the previous AS helps confirm that the AS the data packet came from is the expected AS specified by the path planner. As another example, the forwarding node at the ingress of the current AS is responsible for computing the forwarding proof of the current AS and performing path verification on the current AS against the AS-level vector commitment; verifying the current AS helps confirm that the AS the data packet is currently in is the expected AS specified by the path planner. Performing path verification on each AS from the source AS to the current AS helps confirm whether the data packet has passed through any unexpected AS on the first half of its path.

Taking the case where the AS being verified is the next AS after the current AS as an example: while selecting the next AS from the current AS's neighbour ASs, the current forwarding node performs path verification based on the identity information and the sequential position of the selected AS. If verification fails, the selected AS can be determined to be an unexpected AS and a predetermined action is taken, for example reselecting the next AS from the neighbour ASs until the expected AS is selected, or stopping forwarding of the data packet and reporting to the management plane. Because verification precedes forwarding, the next AS is verified before the data packet is forwarded from the current AS to it, which reduces the risk of the data packet entering an unexpected AS from the current AS. For example, the forwarding proof of the selected AS is determined from the identity information and the sequential position of the selected AS, and the vector commitment is compared with that forwarding proof to verify whether the selected AS is the AS expected by the path planner.

For example, in the scenario shown in Figure 9, when planning the forwarding path the path planner specifies that the data packet passes through AS100, AS200 and AS300, and the order expected by the path planner is AS100 first, then AS200, and finally AS300. In other words, the expected sequential position of AS100 is 1, that of AS200 is 2 and that of AS300 is 3. During forwarding, when the data packet reaches key node A deployed at the egress of AS100 and key node A selects the next AS from AS200 and AS400, if key node A selects AS200 it first computes the forwarding proof of AS200 and compares it with the vector commitment to verify whether AS200 is the second AS. If verification passes, AS200 is confirmed to be the second AS and the data packet is forwarded to AS200. If verification fails, AS200 is determined not to be the second AS and an alarm is output.
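The following is an added example, not code from the patent, covering both the SRv6 on-path procedure (each SR node verifies MP_i-1, then emits MP_i) and the AS-level verify-before-forward step at key node A above. It swaps a Merkle-tree vector commitment in for the patent's pairing-based one on BLS12-381, so the 48-byte G1 elements are not reproduced; the SIDs, AS numbers and the `views` / `select_next_as` names are constructed for illustration, and the egress node is assumed to hold the AS list.

```python
import hashlib
from typing import Dict, List, Optional, Sequence, Tuple

# Swapped-in technique: a Merkle-tree vector commitment stands in for the patent's
# pairing-based commitment (G1 elements on BLS12-381), so this runs with only the
# standard library. commit / batch_open / batch_verify keep the patent's roles.

def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def _leaf(position: int, identity: str) -> bytes:
    # Bind identity r_i to its sequential position i: (r_i, i) and (r_i, j) differ.
    return _h(b"leaf", position.to_bytes(4, "big"), identity.encode())

def _layers(path: Sequence[str]) -> List[List[bytes]]:
    nodes = [_leaf(i + 1, r) for i, r in enumerate(path)]
    layers = [nodes]
    while len(nodes) > 1:
        if len(nodes) % 2:
            nodes = nodes + [nodes[-1]]       # duplicate the last node on odd layers
        nodes = [_h(b"node", nodes[k], nodes[k + 1]) for k in range(0, len(nodes), 2)]
        layers.append(nodes)
    return layers

def commit(path: Sequence[str]) -> bytes:
    """commit(P): the controller's / path planner's vector commitment C."""
    return _layers(path)[-1][0]

Proof = Dict[Tuple[int, int], bytes]      # (layer, index) -> sibling hash

def batch_open(path: Sequence[str], positions: Sequence[int]) -> Proof:
    """batchopen: one multi-point proof MP for all given 1-based positions."""
    layers = _layers(path)
    idx = {p - 1 for p in positions}
    proof: Proof = {}
    for lvl, layer in enumerate(layers[:-1]):
        nxt = set()
        for i in idx:
            sib = i ^ 1
            if sib not in idx:            # siblings inside the opened set are recomputed
                proof[(lvl, sib)] = layer[sib] if sib < len(layer) else layer[i]
            nxt.add(i // 2)
        idx = nxt
    return proof

def batch_verify(c: bytes, proof: Proof, opened: Dict[int, str], n: int) -> bool:
    """batch verify(C, MP, P): every opened position i really holds identity r_i."""
    cur = {p - 1: _leaf(p, r) for p, r in opened.items()}
    size, lvl = n, 0
    while size > 1:
        nxt: Dict[int, bytes] = {}
        for i, hsh in cur.items():
            sib = i ^ 1
            s = cur[sib] if sib in cur else proof.get((lvl, sib))
            if s is None:
                return False               # proof does not cover this position
            left, right = (hsh, s) if i % 2 == 0 else (s, hsh)
            nxt[i // 2] = _h(b"node", left, right)
        cur, size, lvl = nxt, (size + 1) // 2, lvl + 1
    return cur.get(0) == c

def srv6_on_path(c: bytes, views: Sequence[Sequence[str]]) -> Tuple[str, int]:
    """On-path mode. views[i-1] is the segment list as SR node_i sees it (it may have
    been rewritten in flight). Node i verifies MP_i-1 against C using identities and
    positions 1..i-1 from its segment list, then replaces it with MP_i = batchopen(1..i).
    Returns ('ok', N) or ('drop', i) for the first node whose check fails."""
    n = len(views[0])
    mp: Optional[Proof] = None
    for i, seg in enumerate(views, start=1):
        if mp is not None:
            opened = {p: seg[p - 1] for p in range(1, i)}
            if not batch_verify(c, mp, opened, n):
                return ("drop", i)        # discard the packet / raise an alarm
        mp = batch_open(seg, range(1, i + 1))
    return ("ok", n)

def select_next_as(c_as: bytes, as_list: Sequence[str], cur_pos: int,
                   candidates: Sequence[str]) -> Optional[str]:
    """Verify-before-forward at an AS egress (key node A in Figure 9): a candidate
    neighbour AS is accepted only if (candidate, cur_pos + 1) opens against C_AS.
    Assumes the egress node holds the AS list. Returns the accepted AS or None."""
    for cand in candidates:
        mp = batch_open(as_list, [cur_pos + 1])
        if batch_verify(c_as, mp, {cur_pos + 1: cand}, len(as_list)):
            return cand
    return None                           # alarm / stop forwarding

# Constructed sample values, not from the patent.
SEGMENT_LIST = ["2001:db8:1::1", "2001:db8:2::1", "2001:db8:3::1", "2001:db8:4::1"]
C = commit(SEGMENT_LIST)
AS_LIST = ["AS100", "AS200", "AS300"]
C_AS = commit(AS_LIST)

if __name__ == "__main__":
    print(srv6_on_path(C, [SEGMENT_LIST] * 4))                    # ('ok', 4)
    bad = list(SEGMENT_LIST); bad[1] = "2001:db8:bad::1"          # SID rewritten at hop 2
    print(srv6_on_path(C, [SEGMENT_LIST, bad, bad, bad]))         # ('drop', 3)
    print(select_next_as(C_AS, AS_LIST, 1, ["AS400", "AS200"]))  # AS200
```

Swapping two honest SIDs in the carried segment list is rejected the same way as substituting one, which is the position binding the patent relies on.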

Figure 10 is a flowchart of a path verification method provided by an embodiment of this application. The method shown in Figure 10 involves interaction between forwarding nodes deployed at the borders of multiple ASs and includes the following steps S410 to S480.

Step S410: the path planner determines the AS list.

Step S420: the path planner determines the AS-level vector commitment.

The AS-level vector commitment is a vector commitment at the AS level. It indicates the correspondence between the sequential positions of at least two ASs in the expected forwarding path and the identities of those ASs. For example, the path planner computes the AS-level vector commitment from the identity information and the sequential position of each AS the expected forwarding path passes through.

In some embodiments, the input used by the path planner to determine the vector commitment includes an expected forwarding path of length M, for example the vector P = (r_1, r_2, ..., r_M). Using the commitment function of the vector commitment mechanism, the path planner computes, from the identity information and the sequential position of each of the M ASs, a vector commitment C = commit(P) bound to the expected forwarding path P. The path planner outputs a commitment C of length k, where k depends on the security parameter lambda.

Step S430: key node A obtains a first data packet.

Step S440: key node A obtains the identity information and the sequential position of the AS being verified.

In some embodiments, the AS being verified is the next AS after the current AS (AS200, where key node A is located). For example, the AS being verified is AS200 or AS400 downstream of AS100. As another example, the AS being verified is AS200 or AS400 of AS100.

The sequential position of the AS being verified includes its expected sequential position and its actual sequential position.

The expected sequential position of the AS being verified indicates the order relationship between the AS being verified and each AS the expected forwarding path passes through; for example, it indicates which AS in order the AS being verified is along the expected forwarding path. In some embodiments, the expected sequential position of the AS being verified is the position of its identity information in the AS list, where the AS list includes the identity information of the AS in which each key node on the expected forwarding path is located. Using the sequential position of the AS being verified for path verification allows an unexpected AS to be inserted between two expected ASs in the actual forwarding path, providing AS-level fault tolerance.

The actual sequential position of the AS being verified indicates the order relationship between the AS being verified and each AS the actual forwarding path passes through; for example, it indicates which AS in order the AS being verified is along the actual forwarding path. Using the actual sequential position of the AS being verified enables stricter AS-level path verification.

The identity information and the sequential position of the AS being verified can be obtained in the following ways.

Method 1 for obtaining the identity information and/or the expected sequential position of the AS being verified: the data packet carries the sequential position and/or the identity information of the AS being verified.

In some embodiments, the data packet is extended to carry the identity information and/or the sequential position of the AS being verified. As another example, the data packet carries the sequential position of the current AS, and the key node determines the expected sequential position of the AS being verified from the sequential position of the current AS and the order relationship between the current AS and the AS being verified. For example, where that order relationship is that the AS being verified is the next AS after the current AS, the key node adds one to the sequential position of the current AS on the forwarding path to obtain the sequential position of the next AS, and then performs path verification on the next AS. Exemplarily, the data packet carries sequential position 1 for AS100; key node A determines that AS200, the AS to be verified, is the next AS after AS100, and from AS100's sequential position 1 determines that the sequential position of AS200 is 1 + 1 = 2.

As an example, the data packet carries an AS-level TTL, which indicates the sequence position of the current AS in the forwarding path. For example, the AS-level TTL indicates the number of ASes the data packet has passed through so far: if the data packet is currently at the kth AS, the AS-level TTL has the value k. The key node determines the sequence position of the current AS from the AS-level TTL carried in the data packet and then performs path verification for the current AS. As another example, the key node determines the expected sequence position of the next AS based on the sequence position of the current AS and the order relationship between the current AS and the next AS.

In other implementations, the AS-level TTL indicates the sequence position of the next AS in the forwarding path. The key node determines the expected sequence position of the next AS from the AS-level TTL carried in the data packet and then performs path verification for the next AS.

In some implementations, the data packet format is extended so that the data packet carries an AS list. The key node obtains the identity information of the verified AS and the expected sequence position of the verified AS from the AS list in the data packet. For example, the key node determines the expected sequence position of the verified AS from the position of the verified AS's identity information within the AS list. Where the verified AS is the current AS, the key node determines the expected sequence position of the current AS from the position of the current AS's identity information in the AS list. Where the verified AS is the next AS, the key node determines the expected sequence position of the next AS from the position of the current AS's identity information in the AS list together with the order relationship between the current AS and the next AS.

As an example, the first data packet carries an AS list, and key node A determines the expected sequence position of AS 200 from the position of AS 200's identity information in that list. For example, the first data packet carries the AS list [AS 300, AS 200, AS 100]; since AS 200 is in the second position of the list, key node A determines that the sequence position of AS 200's identity information is 2.

Way 2 of obtaining the identity information and/or expected sequence position of the verified AS: query the local routing table.

In some implementations, the local routing table of key node A stores the correspondence between the destination IP address of a data packet, the next forwarding node after this node on the reachable path to that destination IP address, and the parameters of the AS in which that next forwarding node is located. The AS parameters include the identity information of the AS and the expected sequence position of the AS. Where a destination IP address has multiple reachable paths, the routing table stores, for each reachable path to that destination, the correspondence between this node's next forwarding node on that path and the parameters of the AS in which the next forwarding node is located. Key node A looks up the routing table using the destination IP address of the first data packet to determine the identity information of the verified AS and the expected sequence position of the verified AS.

For example, the destination IP address of the first data packet is 2.2.2.2 in FIG. 9. The routing table includes the following content. After key node A looks up that table using the destination IP address 2.2.2.2 from the data packet, it determines that the identity information of the verified AS is AS 200 or AS 400 and that the expected sequence position of the AS is 2.

In other implementations, the data packet carries the identifier of key node A's next forwarding node on the expected forwarding path. The local routing table of key node A stores the correspondence between a forwarding node identifier and the parameters of the AS in which that forwarding node is located. Key node A obtains the identifier of the next forwarding node carried in the first data packet and looks up the routing table using that identifier to determine the identity information of the verified AS and the expected sequence position of the verified AS. For example, the destination IP address field or the SRH of the first data packet carries the identifier of forwarding node B; key node A looks up the routing table using that identifier and determines that the verified AS is AS 200.

As for the process of obtaining the expected sequence position of the verified AS, in some implementations the key node determines the expected sequence position of the AS from the AS_path advertised via BGP during control-plane route advertisement. For example, while advertising IP address 2.2.2.2, the border network device in AS 300 sends BGP update message 1 to the border network device of AS 200; BGP update message 1 includes the IP address 2.2.2.2 and AS_path 1, and AS_path 1 includes the AS number of AS 300. On receiving BGP update message 1, the border network device of AS 200 adds the AS number of AS 200 to AS_path 1 to obtain BGP update message 2, which includes IP address 2.2.2.2 and AS_path 2, where AS_path 2 includes the AS numbers of AS 300 and AS 200. The border network device of AS 200 sends BGP update message 2 to the border network device of AS 100. On receiving it, the border network device of AS 100 adds the AS number of AS 100 to AS_path 2 to obtain BGP update message 3, which includes IP address 2.2.2.2 and AS_path 3, where AS_path 3 includes the AS numbers of AS 300, AS 200 and AS 100. For example, AS_path 3 is written as [AS 300 AS 200 AS 100], and the border network device of AS 100 determines from AS_path 3 that the sequence position of AS 200 is 2.

In other implementations, the identity information of the verified AS and the sequence position of the verified AS are obtained by control-plane pre-distribution. Control-plane pre-distribution includes interaction between forwarding nodes and interaction between the path planner and the forwarding nodes.

Interaction between forwarding nodes is realized, for example, by forwarding nodes in different ASes exchanging routing protocol messages. For example, a border network device deployed in the verified AS generates and sends a routing protocol message to the first forwarding node; the routing protocol message carries the first IP address and the identity information of the verified AS. The routing protocol message is, for example, a BGP message. It carries an NLRI field and a path attribute field: the NLRI field carries the first IP address, and the path attribute field carries the identity information of the verified AS. The first forwarding node receives the routing protocol message from the verified AS and obtains the first IP address and the identity information of the verified AS carried in it. The first forwarding node stores a first correspondence, which includes the first IP address and the identity information of the verified AS; after the first forwarding node later obtains the first data packet, it obtains the identity information of the verified AS based on the first IP address and the first correspondence.

Interaction between the path planner and the forwarding node includes, for example, the following steps.

Step 1: the path planner generates and sends an advertisement message to the first forwarding node. The advertisement message carries the path identifier, the sequence position of the verified AS and the identity information of the verified AS.

As an example, the path planner sends an advertisement message to the border network device of each AS on the expected forwarding path; the advertisement message carries the identity information of each AS on the expected forwarding path and the expected sequence position of each such AS.

Step 2: the first forwarding node receives the advertisement message from the path planner.

Step 3: the first forwarding node stores a second correspondence, which includes the path identifier, the sequence position of the verified AS and the identity information of the verified AS.

For example, the first forwarding node stores the second correspondence in its local routing table. After the first forwarding node later obtains the first data packet, it obtains the sequence position of the verified AS and the identity information of the verified AS based on the path identifier and the second correspondence.

Way 3 of obtaining the identity information and/or expected sequence position of the verified AS: query an AS topology database.

For example, the key node queries the AS topology database using the identifier of the AS in which it is located to obtain the identity information of the verified AS and the sequence position of the verified AS. The AS topology database indicates the topological relationships between ASes; for example, it includes the identity information and sequence positions of pairs of ASes that are neighbors. The AS topology database can be any publicly available database of AS neighbor relationships. For instance, the AS topology database is a database managed under the resource public key infrastructure (RPKI). The AS topology database is, for example, an autonomous system provider authorization (ASPA) database, an internet routing registry (IRR) database, or a route origin authorization (ROA) database.

Step S450: key node A obtains the AS-level forwarding proof based on the identity information of the verified AS and the sequence position of the verified AS.

Step S460: key node A verifies the AS-level forwarding proof based on the AS-level vector commitment, the identity information of the verified AS and the sequence position of the verified AS.

As for how the AS-level vector commitment is obtained, in some implementations the data packet format is extended and the first data packet carries the AS-level vector commitment. For example, the first data packet includes an IPv6 extension header that carries the AS-level vector commitment. As another example, the first data packet includes an NSH that carries the AS-level vector commitment. The position at which the AS-level vector commitment is carried in the data packet can follow the position at which the first vector commitment is carried in the data packet.

In some implementations, the verification node runs the verification function of the vector commitment scheme on the first vector commitment, the identity information of the first forwarding node, the sequence position of the first forwarding node on the expected forwarding path and the forwarding proof of the first forwarding node.

For example, if the first vector commitment, the identity information of the first forwarding node, the sequence position of the first forwarding node on the expected forwarding path and the forwarding proof of the first forwarding node all match one another, the verification function outputs 1, and the verification node determines that the forwarding proof of the first forwarding node passes verification. This means that the first forwarding node is indeed a key node intended by the path planner (the expected forwarding path passes through the first forwarding node) and that the sequence position of the first forwarding node on the actual forwarding path meets the requirement of the expected forwarding path.

Conversely, if the first vector commitment, the identity information of the first forwarding node, the sequence position of the first forwarding node on the expected forwarding path and the forwarding proof of the first forwarding node do not match, the verification function outputs 0, and the forwarding proof of the first forwarding node fails verification. This means that the first forwarding node is not a key node intended by the path planner (the expected forwarding path does not pass through the first forwarding node) or that the sequence position of the first forwarding node on the actual forwarding path does not meet the requirement of the expected forwarding path.

Step S470: if the AS-level forwarding proof passes verification, key node A forwards the first data packet.

In some implementations, where the data packet carries the sequence position of the AS, key node A also updates the AS sequence position while forwarding the first data packet, so that the next key node performs AS-level path verification based on the updated sequence position. For example, the first data packet carries the sequence position of AS 100; if the forwarding proof of AS 200 passes verification, key node A updates the sequence position of AS 100 in the first data packet to the sequence position of AS 200 in the AS list to obtain the second data packet, and sends the second data packet to forwarding node B.

For example, the first data packet carries an AS-level TTL, and key node A also updates the AS-level TTL while forwarding the first data packet.

As an example, the expected forwarding path of a data packet passes through 5 ASes, and the packet header includes a TTL field whose value is decremented by one each time the packet passes through an AS. For example, after the packet passes through the first AS, the value in the TTL field is updated to 254; after the second AS it is updated to 253; and so on.

Step S480: if the AS-level forwarding proof fails verification, key node A performs a predetermined processing action.

The predetermined processing action includes at least one of reselecting the next-hop AS, discarding the data packet, and outputting alarm information. Reselecting the next-hop AS applies where there are multiple reachable paths to the same destination IP address, with different reachable paths reaching the same destination AS through different ASes: if the originally selected AS fails path verification, the key node reselects another AS from among the next ASes after the current AS on the multiple reachable paths. For example, the reachable paths to IP address 2.2.2.2 include AS 100→AS 200→AS 300 and AS 100→AS 400→AS 300, and the current AS is AS 100. Key node A originally selected AS 200 as the next AS from AS 200 and AS 400; if AS 200 fails path verification, key node A reselects AS 400 from AS 200 and AS 400.

In some implementations, key node A also performs path verification on the reselected next-hop AS to determine whether it is the expected AS and whether its sequence position meets the requirement. For example, after reselecting AS 400, key node A obtains the forwarding proof of AS 400 based on the identity information and sequence position of AS 400, and verifies that proof based on the AS-level vector commitment, the identity information of AS 400 and the sequence position of AS 400.

The alarm information indicates that the verified AS is not legitimate. For example, the alarm information includes the identity information of the verified AS and the sequence position of the verified AS. In some implementations, key node A sends the alarm information to the path planner. For instance, if neither the forwarding proof of AS 200 nor the forwarding proof of AS 400 passes verification, key node A discards the first data packet and outputs alarm information.
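Steps S450 to S480 at key node A, as an added example that is not part of the patent. The patent leaves the vector commitment scheme open, so a Merkle tree over (position, AS identity) leaves is used here as an assumed stand-in; the packet fields, routing table layout and the pre-distributed proof store are likewise assumptions for illustration.

```python
# Added example (not from the patent): AS-level path verification at a key
# node. Assumptions: a Merkle tree stands in for the vector commitment, the
# packet carries the AS-level TTL of the current AS (Way 1), the routing table
# maps a destination to candidate next-hop ASes (Way 2), and each candidate
# AS's forwarding proof is already available to the key node.
import hashlib
from typing import Dict, List, Optional, Tuple

Proof = List[Tuple[bytes, bool]]  # (sibling hash, current node is right child)


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _leaf(position: int, as_id: str) -> bytes:
    # Both the sequence position and the AS identity are bound into the leaf,
    # so a proof valid for AS 200 at position 2 does not verify at position 3.
    return _h(b"leaf|" + position.to_bytes(4, "big") + b"|" + as_id.encode())


def build_layers(expected_path: List[str]) -> List[List[bytes]]:
    """Path planner side: Merkle layers over the expected AS path, with
    1-based position i bound to expected_path[i - 1]."""
    level = [_leaf(i + 1, a) for i, a in enumerate(expected_path)]
    layers = [level]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # pad odd layers in place
        level = [_h(b"node|" + level[i] + level[i + 1])
                 for i in range(0, len(level), 2)]
        layers.append(level)
    return layers


def commitment(layers: List[List[bytes]]) -> bytes:
    """The AS-level vector commitment carried in the data packet (the root)."""
    return layers[-1][0]


def open_proof(layers: List[List[bytes]], position: int) -> Proof:
    """Forwarding proof for the AS at the given 1-based position."""
    idx, proof = position - 1, []
    for layer in layers[:-1]:
        proof.append((layer[idx ^ 1], bool(idx & 1)))
        idx //= 2
    return proof


def verify(vc: bytes, as_id: str, position: int, proof: Proof) -> int:
    """S460: 1 when commitment, identity, position and proof match, else 0."""
    node = _leaf(position, as_id)
    for sibling, is_right in proof:
        node = _h(b"node|" + (sibling + node if is_right else node + sibling))
    return 1 if node == vc else 0


def position_in_list(as_list: List[str], as_id: str) -> Optional[int]:
    """Way 1 (AS list) or BGP AS_path: 1-based sequence position of an AS."""
    return as_list.index(as_id) + 1 if as_id in as_list else None


def key_node_forward(packet: dict, routing_table: Dict[str, List[str]],
                     proofs: Dict[str, Proof]):
    """Key node A handling one packet.

    packet carries "dst", "as_ttl" (position of the current AS) and "vc"
    (the AS-level vector commitment). routing_table maps a destination to the
    candidate next-hop ASes. proofs maps an AS identity to the forwarding
    proof that AS presents. Returns (action, next_as, outgoing packet, alarms).
    """
    expected_pos = packet["as_ttl"] + 1  # the next AS is one position further
    alarms = []
    for next_as in routing_table.get(packet["dst"], []):
        proof = proofs.get(next_as, [])  # S450: obtain the candidate's proof
        if verify(packet["vc"], next_as, expected_pos, proof) == 1:
            out = dict(packet, as_ttl=expected_pos)  # S470: update AS-level TTL
            return "forward", next_as, out, alarms
        # S480: record alarm information and reselect the next-hop AS
        alarms.append({"as": next_as, "position": expected_pos})
    return "drop", None, None, alarms  # no candidate passed verification
```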

FIG. 11 is a schematic structural diagram of a forwarding proof acquisition apparatus provided by an embodiment of this application. Apparatus 810 is, for example, located at forwarding node A-1, forwarding node B-2 or forwarding node C-3 in FIG. 1; at key node 1, key node 2, key node 3 or key node 4 in FIG. 3; at key node 1, key node 2, key node 3 or key node 4 in FIG. 4; at key node 4 in FIG. 5; or at SF node_2, SF node_2 or proxy forwarding node_3 in FIG. 6.

Apparatus 810 includes an acquisition unit 811 and a processing unit 812. Where apparatus 810 is located at key node A in FIG. 2, acquisition unit 811 performs S230 and S240 of the method shown in FIG. 2, and processing unit 812 performs S250. Optionally, apparatus 810 further includes a sending unit 813, which performs S260 of the method shown in FIG. 2 and sends data packet B. Where apparatus 810 is located at key node B in FIG. 2, acquisition unit 811 performs S320 and S340 of the method shown in FIG. 2, processing unit 812 performs S350, and sending unit 813 performs S360.

The apparatus embodiment described in FIG. 11 is merely illustrative. For example, the division into the above units is only a division by logical function; other divisions are possible in actual implementation, for instance multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. The functional units in the embodiments of this application may be integrated into one processing unit 812, may each exist physically on their own, or two or more units may be integrated into one unit.

The units of the forwarding proof acquisition apparatus 810 are implemented in whole or in part by software, hardware, firmware or any combination thereof.

For the implementation details of the units of the forwarding proof acquisition apparatus 810 and the interaction between apparatus 810 and other devices, refer to the descriptions in the preceding method embodiments; they are not repeated here.

Some possible ways of implementing the functional units of the forwarding proof acquisition apparatus 810 in hardware or software are described below with reference to the device 900 described later.

In a software implementation, for example, the processing unit 812 and the acquisition unit 811 are implemented as software functional units generated after at least one processor 901 in FIG. 14 reads the program code stored in memory 902.

In a hardware implementation, for example, the units in FIG. 11 are each implemented by different hardware in the computing device; for instance, processing unit 812 is implemented by part of the processing resources of the at least one processor 901 in FIG. 14 (such as one or two cores of a multi-core processor), or by a programmable device such as a field-programmable gate array (FPGA) or a coprocessor. Sending unit 813 is implemented by network interface 903 in FIG. 14.

FIG. 12 is a schematic structural diagram of a forwarding proof verification apparatus 820 provided by an embodiment of this application. The forwarding proof verification apparatus 820 includes an acquisition unit 821 and a verification unit 822. Apparatus 820 is, for example, located at forwarding node A-1, forwarding node B-2 or forwarding node C-3 in FIG. 1. Acquisition unit 821 performs S270 of the method shown in FIG. 2, and verification unit 822 performs S280 of the method shown in FIG. 2. Apparatus 820 is, for example, located at the observer (verification node) in FIG. 3; at key node 1, key node 2, key node 3 or key node 4 in FIG. 4; at key node 4 in FIG. 5; or at SF node_2, SF node_2, proxy forwarding node_3 or the destination host in FIG. 6.

The apparatus embodiment described in FIG. 12 is merely illustrative. For example, the division into the above units is only a division by logical function; other divisions are possible in actual implementation, for instance multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. The functional units in the embodiments of this application may be integrated into one processing unit, may each exist physically on their own, or two or more units may be integrated into one unit.

The units of the forwarding proof verification apparatus 820 are implemented in whole or in part by software, hardware, firmware or any combination thereof.

For the implementation details of the units of the forwarding proof verification apparatus 820 and the interaction between apparatus 820 and other devices, refer to the descriptions in the preceding method embodiments; they are not repeated here.

Some possible ways of implementing the functional units of the forwarding proof verification apparatus 820 in hardware or software are described below with reference to the device 900 described later.

In a software implementation, for example, the verification unit 822 is implemented as a software functional unit generated after at least one processor 901 in FIG. 14 reads the program code stored in memory 902.

In a hardware implementation, for example, the units in FIG. 12 are each implemented by different hardware in the computing device; for instance, verification unit 822 is implemented by part of the processing resources of the at least one processor 901 in FIG. 14 (such as one or two cores of a multi-core processor), or by a programmable device such as a field-programmable gate array (FPGA) or a coprocessor. Acquisition unit 821 is implemented by network interface 903 in FIG. 14.

FIG. 13 is a schematic structural diagram of a forwarding proof verification apparatus 830 provided by an embodiment of this application. Apparatus 830 is, for example, located at forwarding node A, forwarding node B-2 or forwarding node C-3 in FIG. 9. The forwarding proof verification apparatus 830 includes an acquisition unit 831 and a processing unit 832. Acquisition unit 831 performs S430 and S440 of the method shown in FIG. 10, and processing unit 832 performs S450 and S460 of the method shown in FIG. 10.

The apparatus embodiment described in FIG. 13 is merely illustrative. For example, the division into the above units is only a division by logical function; other divisions are possible in actual implementation, for instance multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. The functional units in the embodiments of this application may be integrated into one processing unit, may each exist physically on their own, or two or more units may be integrated into one unit.

The units of the forwarding proof verification apparatus 830 are implemented in whole or in part by software, hardware, firmware or any combination thereof.

For the implementation details of the units of the forwarding proof verification apparatus 830 and the interaction between apparatus 830 and other devices, refer to the descriptions in the preceding method embodiments; they are not repeated here.

Some possible ways of implementing the functional units of the forwarding proof verification apparatus 830 in hardware or software are described below with reference to the device 900 described later.

In a software implementation, for example, the acquisition unit 831 and the processing unit 832 are software functional units generated after at least one processor 901 in FIG. 14 reads program code stored in the memory 902.

In a hardware implementation, for example, the units in FIG. 13 are each implemented by different hardware in the computing device: the processing unit 832 is implemented by part of the processing resources of at least one processor 901 in FIG. 14 (for example one or two cores of a multi-core processor), or by a programmable device such as a field-programmable gate array (FPGA) or a coprocessor, and the acquisition unit 831 is implemented by the network interface 903 in FIG. 14.

FIG. 14 is a schematic structural diagram of a device 900 provided in an embodiment of this application. The device 900 includes at least one processor 901, a memory 902 and at least one network interface 903.

In some embodiments the device 900 is provided as a forwarding device (forwarding node); in other embodiments it is provided as a computing device. The device 900 is, for example, forwarding node A-1, forwarding node B-2 or forwarding node C-3 in FIG. 1; key node 1, key node 2, key node 3 or key node 4 in FIG. 3; key node 1, key node 2, key node 3 or key node 4 in FIG. 4; key node 4 in FIG. 5; SF node_2 or proxy forwarding node_3 in FIG. 6; or forwarding node A, forwarding node B-2 or forwarding node C-3 in FIG. 9.

Where the device 900 is key node A in FIG. 2, the network interface 903 is configured to perform S230 of the method shown in FIG. 2, the processor 901 is configured to perform S240 and S250, and the network interface 903 is configured to perform S260 and to send data packet B.

Where the device 900 is key node B in FIG. 2, the network interface 903 is configured to perform S320 of the method shown in FIG. 2, the processor 901 is configured to perform S340 and S350, and the network interface 903 is configured to perform S360.

Where the device 900 is the verification node in FIG. 2, the network interface 903 is configured to perform S270 of the method shown in FIG. 2 and the processor 901 is configured to perform S280.

Where the device 900 is key node A in FIG. 10, the processor 901 is configured to perform S440, S450 and S460 of the method shown in FIG. 10, and the network interface 903 is configured to perform S430. The processor 901 is further configured to instruct the network interface 903 to perform S470 or S480 of the method shown in FIG. 10.

The processor 901 is, for example, a general-purpose central processing unit (CPU), a network processor (NP), a graphics processing unit (GPU), a neural-network processing unit (NPU), a data processing unit (DPU), a microprocessor, or one or more integrated circuits for implementing the solution of this application. For example, the processor 901 includes an application-specific integrated circuit (ASIC), a programmable logic device (PLD) or a combination thereof. The PLD is, for example, a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL) or any combination thereof.

The memory 902 is, for example, a read-only memory (ROM) or another type of static storage device that can store static information and instructions; a random access memory (RAM) or another type of dynamic storage device that can store information and instructions; an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs and the like), a magnetic disk storage medium or another magnetic storage device; or any other medium that can carry or store desired program code in the form of instructions or data structures and can be accessed by a computer, without being limited to these. Optionally, the memory 902 exists on its own and is connected to the processor 901 through the internal connection 904; alternatively, the memory 902 and the processor 901 are integrated.

The network interface 903 uses any transceiver-like device to communicate with other devices or a communication network. The network interface 903 includes, for example, at least one of a wired network interface or a wireless network interface. The wired network interface is, for example, an Ethernet interface, which may be an optical interface, an electrical interface or a combination thereof. The wireless network interface is, for example, a wireless local area network (WLAN) interface, a cellular network interface or a combination thereof.

In some embodiments the processor 901 includes one or more CPUs, such as CPU0 and CPU1 shown in FIG. 14.

In some embodiments the device 900 optionally includes multiple processors, such as the processor 901 and the processor 905 shown in FIG. 14. Each of these processors is, for example, a single-core processor (single-CPU) or a multi-core processor (multi-CPU). A processor here optionally refers to one or more devices, circuits and/or processing cores for processing data (such as computer program instructions).

In some embodiments the device 900 further includes an internal connection 904, through which the processor 901, the memory 902 and the at least one network interface 903 are connected. The internal connection 904 includes a pathway that carries information between these components. Optionally, the internal connection 904 is a single board or a bus; optionally, it is divided into an address bus, a data bus, a control bus and so on.

In some embodiments the device 900 further includes an input/output interface 906, which is connected to the internal connection 904.

Optionally, the processor 901 implements the methods of the above embodiments by reading program code stored in the memory 902, or by means of program code stored within the processor itself. Where the processor 901 implements the methods by reading program code stored in the memory 902, the memory 902 stores program code 910 that implements the methods provided in the embodiments of this application.

For further details of how the processor 901 implements the above functions, refer to the descriptions in the preceding method embodiments, which are not repeated here.

The embodiments in this specification are described progressively; the parts that are the same or similar across embodiments can be cross-referenced, and each embodiment focuses on its differences from the others.

"A refers to B" means that A is the same as B or that A is a simple variant of B.

The terms "first" and "second" in the specification and claims of the embodiments of this application are used to distinguish different objects, not to describe a particular order of objects, and are not to be understood as indicating or implying relative importance. For example, the first forwarding proof and the second forwarding proof are merely different forwarding proofs; the terms describe no particular order of the proofs and do not mean that the first forwarding proof is more important than the second.

The information (including but not limited to user device information and personal user information), data (including but not limited to data used for analysis, stored data and displayed data) and signals involved in the embodiments of this application are all authorized by the user or fully authorized by all parties, and the collection, use and processing of the relevant data must comply with the applicable laws, regulations and standards of the relevant countries and regions. For example, the identity information referred to in this application is obtained with full authorization.

In the embodiments of this application, unless otherwise stated, "at least one" means one or more and "multiple" means two or more. For example, multiple forwarding nodes means two or more forwarding nodes.

The above embodiments may be implemented wholly or partly in software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented wholly or partly in the form of a computer program product. The computer program product comprises one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the procedures or functions described in the embodiments of this application are produced wholly or partly. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, they may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired means (such as coaxial cable, optical fiber or digital subscriber line (DSL)) or wireless means (such as infrared, radio or microwave). The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (such as a floppy disk, hard disk or magnetic tape), an optical medium (such as a DVD) or a semiconductor medium (such as a solid state disk (SSD)).

The above embodiments are intended only to illustrate the technical solutions of this application, not to limit them. Although this application has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solutions outside the scope of the technical solutions of the embodiments of this application.

Claims (49)

1. A method for obtaining a forwarding proof, characterized in that the method comprises:
a first forwarding node obtaining a first data packet, wherein at least two key nodes corresponding to the first data packet include the first forwarding node, and a key node is a forwarding node traversed by an expected forwarding path that a path planner has determined for the first data packet;
the first forwarding node obtaining the sequential position of the first forwarding node in the expected forwarding path and identity information of the first forwarding node, wherein the sequential position of the first forwarding node in the expected forwarding path differs from the sequential position of the first forwarding node in the actual forwarding path of the first data packet, and the identity information of the first forwarding node indicates the identity of the first forwarding node;
the first forwarding node obtaining a forwarding proof of the first forwarding node based on the sequential position of the first forwarding node in the expected forwarding path and the identity information of the first forwarding node, wherein the forwarding proof of the first forwarding node is used to prove that the first forwarding node forwards the first data packet at its sequential position in the expected forwarding path.
2. The method according to claim 1, characterized in that the at least two key nodes further include a second forwarding node, the second forwarding node being a key node located upstream of the first forwarding node in the expected forwarding path, and the first forwarding node obtaining the forwarding proof of the first forwarding node based on the sequential position of the first forwarding node in the expected forwarding path and the identity information of the first forwarding node comprises:
the first forwarding node obtaining the forwarding proof of the first forwarding node based on the sequential position of the first forwarding node in the expected forwarding path, the identity information of the first forwarding node, the sequential position of the second forwarding node in the expected forwarding path and identity information of the second forwarding node, wherein the identity information of the second forwarding node indicates the identity of the second forwarding node, and the forwarding proof of the first forwarding node is used to prove that the first forwarding node and the second forwarding node are each at their corresponding sequential positions in the expected forwarding path.

3. The method according to claim 2, characterized in that the first forwarding node is the last key node in the expected forwarding path, and the second forwarding node comprises all key nodes in the expected forwarding path other than the first forwarding node.
4. The method according to any one of claims 1 to 3, characterized in that the method further comprises:
the first forwarding node obtaining, based on the first data packet, the sequential position of the first forwarding node in the actual forwarding path;
the first forwarding node sending the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path to a verification node.

5. The method according to claim 4, characterized in that the verification node includes a third forwarding node, the third forwarding node being a key node located downstream of the first forwarding node in the expected forwarding path, and the first forwarding node sending the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path to the verification node comprises:
the first forwarding node obtaining a second data packet based on the first data packet, the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path, wherein the second data packet includes the payload of the first data packet, the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path;
the first forwarding node sending the second data packet to the third forwarding node.
6. The method according to claim 5, characterized in that the first data packet includes a first position list, the first position list including the sequential positions, in the actual forwarding path, of the key nodes located upstream of the first forwarding node in the expected forwarding path, and the second data packet includes a second position list, the second position list including the first position list and the sequential position of the first forwarding node in the actual forwarding path.

7. The method according to claim 5 or 6, characterized in that the second data packet includes an Internet Protocol version 6 (IPv6) extension header, the IPv6 extension header including the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path; or
the second data packet includes a network service header (NSH), the NSH including a metadata field, the metadata field including the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path; or
the second data packet includes a multi-protocol label switching (MPLS) header, the MPLS header including the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path; or
the second data packet includes a virtual extensible local area network (VXLAN) header, the VXLAN header including the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path; or
the second data packet includes an Internet Protocol security (IPsec) header, the IPsec header including the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path.

8. The method according to claim 7, characterized in that the IPv6 extension header includes a segment routing header (SRH), the SRH including a type-length-value (TLV), the TLV of the SRH including the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path; or
the IPv6 extension header includes an application-aware networking (APN) header, the APN header including an application-aware networking identifier (APN ID), the APN ID including the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path; or
the IPv6 extension header includes a destination options header (DOH), the DOH including a TLV, the TLV of the DOH including the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path; or
the IPv6 extension header includes a hop-by-hop options header (HBH), the HBH including a TLV, the TLV of the HBH including the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path.
9. The method according to claim 4, characterized in that the first forwarding node sending the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path to the verification node comprises:
the first forwarding node generating a notification message, the notification message including the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path;
the first forwarding node sending the notification message to the verification node.

10. The method according to claim 9, characterized in that the notification message includes a Network Configuration Protocol (NETCONF) message, the NETCONF message including the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path; or
the notification message includes a Hypertext Transfer Protocol (HTTP) message, the payload field of the HTTP message including the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path.
11. The method according to any one of claims 1 to 10, characterized in that the first data packet includes a segment list, the segment list including a segment identifier (SID) of the first forwarding node, and the first forwarding node obtaining the sequential position of the first forwarding node in the expected forwarding path comprises:
the first forwarding node obtaining the sequential position of the first forwarding node in the expected forwarding path based on the sequential position of the SID of the first forwarding node in the segment list.

12. The method according to any one of claims 1 to 10, characterized in that the first data packet includes a path identifier, and the first forwarding node obtaining the sequential position of the first forwarding node in the expected forwarding path comprises:
the first forwarding node obtaining the sequential position of the first forwarding node in the expected forwarding path based on the path identifier and a correspondence stored by the first forwarding node, the correspondence including the path identifier and the sequential position of the first forwarding node in the expected forwarding path.

13. The method according to any one of claims 1 to 10, characterized in that, before the first forwarding node obtains the first data packet, the method further comprises:
the first forwarding node receiving, from the path planner, the sequential position of the first forwarding node in the expected forwarding path.
14. The method according to any one of claims 1 to 13, characterized in that the first forwarding node obtaining the first data packet comprises: the first forwarding node receiving the first data packet from a second forwarding node, the second forwarding node being a key node located upstream of the first forwarding node in the forwarding path, and the first data packet including a forwarding proof of the second forwarding node;
and the method further comprises: the first forwarding node verifying the forwarding proof of the second forwarding node based on a first vector commitment, identity information of the second forwarding node and the sequential position of the second forwarding node in the expected forwarding path, wherein the first vector commitment indicates the correspondence between the sequential positions of at least two key nodes in the expected forwarding path and the identities of the at least two key nodes, and the at least two key nodes include the second forwarding node.

15. The method according to claim 1, characterized in that the path planner is the source host that generates the payload data of the first data packet, or the path planner is the first forwarding device in the expected forwarding path.
16. A method for verifying a forwarding proof, characterized in that the method comprises:
a verification node obtaining a forwarding proof of a first forwarding node, a first vector commitment, identity information of the first forwarding node and the sequential position of the first forwarding node in an expected forwarding path, wherein the first vector commitment indicates the correspondence between the sequential positions of at least two key nodes in the expected forwarding path and the identities of the at least two key nodes, the at least two key nodes include the first forwarding node, the identity information of the first forwarding node indicates the identity of the first forwarding node, and the forwarding proof of the first forwarding node is used to prove that the first forwarding node is at the sequential position of the first forwarding node in the expected forwarding path;
the verification node verifying the forwarding proof of the first forwarding node based on the first vector commitment, the identity information of the first forwarding node and the sequential position of the first forwarding node.
17. The method according to claim 16, characterized in that the at least two key nodes further include a second forwarding node, the second forwarding node being a key node located upstream of the first forwarding node in the expected forwarding path, and the verification node verifying the forwarding proof of the first forwarding node based on the first vector commitment, the identity information of the first forwarding node and the sequential position of the first forwarding node in the expected forwarding path comprises:
the verification node verifying the forwarding proof of the first forwarding node based on the first vector commitment, the sequential position of the first forwarding node in the expected forwarding path, the identity information of the first forwarding node, the sequential position of the second forwarding node in the expected forwarding path and identity information of the second forwarding node, wherein the identity information of the second forwarding node indicates the identity of the second forwarding node, and the forwarding proof of the first forwarding node is used to prove that the first forwarding node and the second forwarding node are both at their corresponding sequential positions in the expected forwarding path.

18. The method according to claim 16 or 17, characterized in that the verification node obtaining the forwarding proof of the first forwarding node comprises:
the verification node receiving the forwarding proof of the first forwarding node from the first forwarding node.
19. A method for verifying a forwarding proof, characterized in that the method comprises:
a first forwarding node obtains a first data packet, the first forwarding node being deployed at the border of a first autonomous system (AS);
the first forwarding node obtains a forwarding proof of a verified AS based on the sequential position of the verified AS and identity information of the verified AS, the identity information of the verified AS indicating the identity of the verified AS; and
the first forwarding node verifies the forwarding proof of the verified AS based on a second vector commitment, the sequential position of the verified AS, and the identity information of the verified AS, wherein the second vector commitment indicates a correspondence between the identity information of each AS of the at least two ASs and the sequential position of each AS.
20. The method according to claim 19, characterized in that the verified AS includes at least one of a neighbor AS of the first AS, the first AS, or each AS from a source AS to the first AS, wherein the neighbor AS includes the AS preceding the first AS in the actual forwarding path of the first data packet and/or the AS following the first AS in the reachable path to the destination IP address of the first data packet, the source AS is the AS communicating with a source host, and the source host is the device that generates the payload data of the first data packet.
21. The method according to claim 19 or 20, characterized in that the sequential position of the verified AS includes an expected sequential position of the verified AS or an actual sequential position of the verified AS, the expected sequential position of the verified AS indicating the ordering relationship between the verified AS and the ASs through which the expected forwarding path of the first data packet passes, and the actual sequential position of the verified AS indicating the ordering relationship between the verified AS and the ASs through which the actual forwarding path of the first data packet passes.
22. The method according to claim 19, characterized in that the verified AS includes a neighbor AS of the first AS, the first data packet carries the actual sequential position of the first AS, and the actual sequential position of the verified AS is obtained based on the actual sequential position of the first AS and the ordering relationship between the first AS and the verified AS.
23. The method according to claim 19, characterized in that the verified AS includes the first AS, and the first data packet carries the actual sequential position of the first AS.
24. The method according to claim 19, characterized in that the first data packet carries an AS list, the AS list includes the identity information of each AS through which the expected forwarding path of the first data packet passes, and the expected sequential position of the verified AS is obtained based on the sequential position of the identity information of the verified AS in the AS list.
25. The method according to any one of claims 19 to 24, characterized in that the first data packet carries the second vector commitment.
26. The method according to claim 19, characterized in that the first data packet includes an Internet Protocol version 6 (IPv6) extension header, and the IPv6 extension header carries the sequential position of the verified AS, the identity information of the verified AS, and the second vector commitment; or
the first data packet includes a network service header (NSH), the NSH includes a metadata field, and the metadata field carries the sequential position of the verified AS, the identity information of the verified AS, and the second vector commitment; or
the first data packet includes a Multiprotocol Label Switching (MPLS) header, and the MPLS header carries the sequential position of the verified AS, the identity information of the verified AS, and the second vector commitment; or
the first data packet includes a Virtual Extensible LAN (VxLAN) header, and the VxLAN header carries the sequential position of the verified AS, the identity information of the verified AS, and the second vector commitment; or
the first data packet includes an Internet Protocol Security (IPsec) header, and the IPsec header carries the sequential position of the verified AS, the identity information of the verified AS, and the second vector commitment.
27. The method according to claim 19, characterized in that the destination IP address of the first data packet includes a first IP address, and before the first forwarding node obtains the first data packet, the method further comprises:
the first forwarding node receives a routing protocol message from the verified AS, the routing protocol message carrying the first IP address and the identity information of the verified AS; and
the first forwarding node stores a first correspondence, the first correspondence including the first IP address and the identity information of the verified AS;
and after the first forwarding node obtains the first data packet, the method further comprises:
the first forwarding node obtains the identity information of the verified AS based on the first IP address and the first correspondence.
28. The method according to claim 19, characterized in that the first data packet carries a path identifier, the path identifier identifies the expected forwarding path, and before the first forwarding node obtains the first data packet, the method further comprises:
the first forwarding node receives an advertisement message from a path planner, the advertisement message carrying the path identifier, the sequential position of the verified AS, and the identity information of the verified AS; and
the first forwarding node stores a second correspondence, the second correspondence including the path identifier, the sequential position of the verified AS, and the identity information of the verified AS;
and after the first forwarding node obtains the first data packet, the method further comprises:
the first forwarding node obtains the sequential position of the verified AS and the identity information of the verified AS based on the path identifier and the second correspondence.
29. An apparatus for acquiring a forwarding proof, characterized in that the apparatus is provided at a first forwarding node and comprises:
an obtaining unit, configured to obtain a first data packet, wherein at least two key nodes corresponding to the first data packet include the first forwarding node, and a key node is a forwarding node passed through in an expected forwarding path determined by a path planner for the first data packet; and to obtain the sequential position of the first forwarding node in the expected forwarding path and identity information of the first forwarding node, wherein the sequential position of the first forwarding node in the expected forwarding path differs from the sequential position of the first forwarding node in the actual forwarding path of the first data packet, and the identity information of the first forwarding node indicates the identity of the first forwarding node; and
a processing unit, configured to obtain a forwarding proof of the first forwarding node based on the sequential position of the first forwarding node in the expected forwarding path and the identity information of the first forwarding node, wherein the forwarding proof of the first forwarding node is used to prove that the first forwarding node forwards the first data packet at its sequential position in the expected forwarding path.
30. The apparatus according to claim 29, characterized in that the at least two key nodes further include a second forwarding node, the second forwarding node being a key node located upstream of the first forwarding node in the expected forwarding path, and the first forwarding node obtaining the forwarding proof of the first forwarding node based on the sequential position of the first forwarding node in the expected forwarding path and the identity information of the first forwarding node comprises:
the first forwarding node obtains the forwarding proof of the first forwarding node based on the sequential position of the first forwarding node in the expected forwarding path, the identity information of the first forwarding node, the sequential position of the second forwarding node in the expected forwarding path, and the identity information of the second forwarding node, wherein the identity information of the second forwarding node indicates the identity of the second forwarding node, and the forwarding proof of the first forwarding node is used to prove that the first forwarding node and the second forwarding node are each at their corresponding sequential positions in the expected forwarding path.
31. The apparatus according to claim 30, characterized in that the first forwarding node is the last key node in the expected forwarding path, and the second forwarding node includes all key nodes in the expected forwarding path other than the first forwarding node.
32. The apparatus according to claim 31, characterized in that the processing unit is further configured to obtain the sequential position of the first forwarding node in the actual forwarding path based on the first data packet; and
the apparatus further comprises a sending unit, configured to send the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path to a verification node.
33. The apparatus according to claim 32, characterized in that the verification node includes a third forwarding node, the third forwarding node being a key node located downstream of the first forwarding node in the expected forwarding path, and the processing unit is further configured to obtain a second data packet based on the first data packet, the forwarding proof of the first forwarding node, and the sequential position of the first forwarding node in the actual forwarding path, the second data packet including the payload of the first data packet, the forwarding proof of the first forwarding node, and the sequential position of the first forwarding node in the actual forwarding path; and
the sending unit is configured to send the second data packet to the third forwarding node.
34. The apparatus according to claim 32, characterized in that
the processing unit is further configured to generate an advertisement message, the advertisement message including the forwarding proof of the first forwarding node and the sequential position of the first forwarding node in the actual forwarding path; and
the sending unit is configured to send the advertisement message to the verification node.
35. The apparatus according to any one of claims 31 to 34, characterized in that the first data packet includes a segment list, the segment list includes a segment identifier (SID) of the first forwarding node, and the processing unit is configured to obtain the sequential position of the first forwarding node in the expected forwarding path based on the sequential position of the SID of the first forwarding node in the segment list.
36. The apparatus according to any one of claims 31 to 35, characterized in that the first data packet includes a path identifier, and the processing unit is configured to obtain the sequential position of the first forwarding node in the expected forwarding path based on the path identifier and a correspondence stored by the first forwarding node, the correspondence including the path identifier and the sequential position of the first forwarding node in the expected forwarding path.
37. The apparatus according to any one of claims 29 to 36, characterized in that the obtaining unit is configured to receive the first data packet from a second forwarding node, the second forwarding node being a key node located upstream of the first forwarding node in the forwarding path, and the first data packet including a forwarding proof of the second forwarding node; and
the processing unit is further configured to verify the forwarding proof of the second forwarding node based on a first vector commitment, identity information of the second forwarding node, and the sequential position of the second forwarding node in the expected forwarding path, wherein the first vector commitment indicates a correspondence between the sequential positions of at least two key nodes in the expected forwarding path and the identities of the at least two key nodes, the at least two key nodes including the second forwarding node.
38. An apparatus for verifying a forwarding proof, characterized in that the apparatus comprises:
an obtaining unit, configured to obtain a forwarding proof of a first forwarding node, a first vector commitment, identity information of the first forwarding node, and a sequential position of the first forwarding node in an expected forwarding path, wherein the first vector commitment indicates a correspondence between the sequential positions of at least two key nodes in the expected forwarding path and the identities of the at least two key nodes, the at least two key nodes include the first forwarding node, the identity information of the first forwarding node indicates the identity of the first forwarding node, and the forwarding proof of the first forwarding node is used to prove that the first forwarding node is at its sequential position in the expected forwarding path; and
a verification unit, configured to verify the forwarding proof of the first forwarding node based on the first vector commitment, the identity information of the first forwarding node, and the sequential position of the first forwarding node.
39. The apparatus according to claim 38, characterized in that the at least two key nodes further include a second forwarding node, the second forwarding node being a key node located upstream of the first forwarding node in the expected forwarding path, and the verification unit is configured to verify the forwarding proof of the first forwarding node based on the first vector commitment, the sequential position of the first forwarding node in the expected forwarding path, the identity information of the first forwarding node, the sequential position of the second forwarding node in the expected forwarding path, and the identity information of the second forwarding node, wherein the identity information of the second forwarding node indicates the identity of the second forwarding node, and the forwarding proof of the first forwarding node is used to prove that the first forwarding node and the second forwarding node are both at their corresponding sequential positions in the expected forwarding path.
40. The apparatus according to claim 38 or 39, characterized in that the obtaining unit is configured to receive the forwarding proof of the first forwarding node from the first forwarding node.
41. An apparatus for verifying a forwarding proof, characterized in that the apparatus is provided at a first forwarding node and comprises:
an obtaining unit, configured to obtain a first data packet, wherein the first forwarding node is deployed at the border of a first autonomous system (AS);
a processing unit, configured to obtain a forwarding proof of a verified AS based on the sequential position of the verified AS and identity information of the verified AS, wherein the identity information of the verified AS indicates the identity of the verified AS; and
the processing unit is further configured to verify the forwarding proof of the verified AS based on a second vector commitment, the sequential position of the verified AS, and the identity information of the verified AS, wherein the second vector commitment indicates a correspondence between the identity information of each AS of the at least two ASs and the sequential position of each AS.
42. The apparatus according to claim 41, characterized in that the verified AS includes a neighbor AS of the first AS, the first data packet carries the actual sequential position of the first AS, and the actual sequential position of the verified AS is obtained by the processing unit based on the actual sequential position of the first AS and the ordering relationship between the first AS and the verified AS.
43. The apparatus according to claim 41, characterized in that the verified AS includes the first AS, and the processing unit is configured to obtain the actual sequential position of the first AS carried in the first data packet.
44. The apparatus according to claim 41, characterized in that the first data packet carries an AS list, the AS list includes the identity information of each AS through which the expected forwarding path of the first data packet passes, and the expected sequential position of the verified AS is obtained by the processing unit based on the sequential position of the identity information of the verified AS in the AS list.
45. The apparatus according to claim 41, characterized in that the destination IP address of the first data packet includes a first IP address, and the obtaining unit is further configured to receive a routing protocol message from the verified AS, the routing protocol message carrying the first IP address and the identity information of the verified AS;
the processing unit is further configured to store a first correspondence, the first correspondence including the first IP address and the identity information of the verified AS; and
the obtaining unit is further configured to obtain the identity information of the verified AS based on the first IP address and the first correspondence.
46. The apparatus according to claim 41, characterized in that the first data packet carries a path identifier, the path identifier identifies the expected forwarding path, and the obtaining unit is further configured to receive an advertisement message from a path planner, the advertisement message carrying the path identifier, the sequential position of the verified AS, and the identity information of the verified AS;
the processing unit is further configured to store a second correspondence, the second correspondence including the path identifier, the sequential position of the verified AS, and the identity information of the verified AS; and
the obtaining unit is further configured to obtain the sequential position of the verified AS and the identity information of the verified AS based on the path identifier and the second correspondence.
47. A forwarding device, characterized in that the forwarding device comprises a processor coupled to a memory, the memory stores at least one computer program instruction, and the at least one computer program instruction is loaded and executed by the processor so that the forwarding device implements the method according to any one of claims 1 to 28.
48. A computer-readable storage medium, characterized in that the storage medium stores at least one instruction which, when run on a computer, causes the computer to execute the method according to any one of claims 1 to 28.
49. A computer program product, characterized in that the computer program product comprises one or more computer program instructions which, when loaded and run by a computer, cause the computer to execute the method according to any one of claims 1 to 28.
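The claims above leave the vector commitment abstract. As an added illustration that is not the patent's own construction, the block below instantiates it as a Merkle tree over the (position, identity) pairs of the segment list: a key node derives its expected sequential position from the index of its SID in the segment list, opens its own leaf as its forwarding proof, the last key node can open every leaf up to its own (claims 17 and 31), and a verifier checks an opening against the commitment and rejects a wrong position, a wrong identity, or a skipped key node. The hash function, leaf encoding, padding rule and all names are assumptions made for this example.

```python
"""Toy Merkle-tree vector commitment over the key nodes of an expected
forwarding path (added example; hashing, leaf layout and padding are
assumptions, not the patent's construction)."""
import hashlib
from typing import List, Optional, Tuple

# An opening is the sibling path from a leaf to the root:
# (sibling hash, True if the sibling sits to the right of the current node).
Opening = List[Tuple[bytes, bool]]


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _leaf(position: int, identity: str) -> bytes:
    # The leaf binds the sequential position to the identity, so an opening
    # for identity X only verifies at the position the planner assigned to X.
    return _h(b"leaf" + position.to_bytes(4, "big") + identity.encode())


def _parent(left: bytes, right: bytes) -> bytes:
    # Domain-separated from leaves so a leaf cannot be mistaken for a parent.
    return _h(b"node" + left + right)


def _levels(segment_list: List[str]) -> List[List[bytes]]:
    """Every tree level from leaves to root. A level with an odd number of
    hashes is padded by repeating its last hash so every node has a sibling."""
    level = [_leaf(i, sid) for i, sid in enumerate(segment_list)]
    levels: List[List[bytes]] = []
    while True:
        if len(level) > 1 and len(level) % 2:
            level = level + [level[-1]]
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [_parent(level[i], level[i + 1]) for i in range(0, len(level), 2)]


def commit(segment_list: List[str]) -> bytes:
    """The vector commitment the path planner places in the packet: the root."""
    return _levels(segment_list)[-1][0]


def expected_position(segment_list: List[str], my_sid: str) -> Optional[int]:
    """Sequential position in the expected path = index of the node's SID in
    the segment list (as in claim 35); None if the node is not a key node."""
    return segment_list.index(my_sid) if my_sid in segment_list else None


def open_position(segment_list: List[str], position: int) -> Opening:
    """Forwarding proof for the key node at `position`: its sibling path."""
    opening: Opening = []
    index = position
    for level in _levels(segment_list)[:-1]:
        sibling = index ^ 1
        opening.append((level[sibling], sibling > index))
        index //= 2
    return opening


def verify_opening(commitment: bytes, position: int, identity: str,
                   opening: Opening) -> bool:
    """Recompute the root from (position, identity) and compare with the
    commitment. Any change to position, identity or path makes this fail."""
    node = _leaf(position, identity)
    for sibling, sibling_is_right in opening:
        node = _parent(node, sibling) if sibling_is_right else _parent(sibling, node)
    return node == commitment


def prove_prefix(segment_list: List[str],
                 last_position: int) -> List[Tuple[int, str, Opening]]:
    """Proof covering every key node up to and including `last_position`, as
    the last key node would produce for the whole path (claims 17 and 31)."""
    return [(p, segment_list[p], open_position(segment_list, p))
            for p in range(last_position + 1)]


def verify_prefix(commitment: bytes,
                  proof: List[Tuple[int, str, Opening]]) -> bool:
    """All openings must verify and the positions must run 0, 1, 2, ... so a
    skipped or reordered key node is rejected, not just a forged one."""
    if [p for p, _, _ in proof] != list(range(len(proof))):
        return False
    return all(verify_opening(commitment, p, sid, o) for p, sid, o in proof)


if __name__ == "__main__":
    # Constructed sample: key nodes A, C, E; the actual path also crosses the
    # non-key nodes B and D, so C's expected position (1) differs from its
    # actual hop count (2). The verifier checks the expected position.
    segments = ["sid-A", "sid-C", "sid-E"]
    root = commit(segments)
    pos = expected_position(segments, "sid-C")
    proof = open_position(segments, pos)
    print("C at expected position 1:", verify_opening(root, 1, "sid-C", proof))
    print("C claimed at position 2: ", verify_opening(root, 2, "sid-C", proof))
    print("whole path from E:       ", verify_prefix(root, prove_prefix(segments, 2)))
```

An opening shows only that the pair is in the committed path; that the message carrying it really comes from the node named in it has to be established separately, for example by the channel or signature the packet is carried in, since anyone holding the segment list can compute every opening.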

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202410067738.3 2024-01-16
CN202410067738.3A CN120342949A (en) 2024-01-16 2024-01-16 Method for obtaining forwarding certificate, method and device for verifying forwarding certificate

Publications (1)

Publication Number Publication Date
WO2025152913A1 true WO2025152913A1 (en) 2025-07-24

Family

ID=96360566

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2025/072189 Pending WO2025152913A1 (en) 2024-01-16 2025-01-14 Method and apparatus for acquiring forwarding proof, and method and apparatus for verifying forwarding proof

Country Status (2)

Country Link
CN (1) CN120342949A (en)
WO (1) WO2025152913A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190260667A1 (en) * 2018-02-19 2019-08-22 Telefónica, S.A Method and system for validating ordered proof of transit of traffic packets in a network
US10554407B1 (en) * 2018-07-12 2020-02-04 Protocol Labs, Inc. Protocols for decentralized networks
CN113904788A (en) * 2021-08-12 2022-01-07 云南电网有限责任公司信息中心 Block chain-based network frame security verification method and SDN switch
CN114679284A (en) * 2020-12-24 2022-06-28 中国移动通信有限公司研究院 Trusted remote attestation system and its storage, verification method and storage medium


Also Published As

Publication number Publication date
CN120342949A (en) 2025-07-18


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 25741474

Country of ref document: EP

Kind code of ref document: A1